1.  Introduction


1.1.  Motivation 

Hardware design could benefit greatly from a precise computation theory of hardware systems. Current design
and validation methods, such as simulation and testing, are expensive and unreliable. The call for formal methods in
hardware design is heard more and more in the hardware community, and not only among theoreticians, but also
among practitioners, as in [Russell-Kinniment-Chester-McLauchlan 85] (p. 189):

As the designs get bigger this [validation] capability will not be provided by traditional simulators. Formal
verification of some other kind will need to be employed, which means that current languages will need to be
redesigned to encompass formal techniques.

Formal verification, such as mechanical proof of correctness or transformation-based (inferential) design systems
[Burstall-Darlington 77], [Scherlis-Scott 83], requires a formal underlying semantics, and this is what we mean by
a "precise computation theory of hardware systems".

This is not an entirely new concept! Such a formal theory has been around for a long time for a small class of
hardware systems, combinational circuits. Their semantics are given in terms of Boolean functions, and theoretical
applications include equivalence proofs using the Boolean calculus, minimization theorems, and many more
advanced theories such as fault-modelling and test-generation. In fact, the Boolean Algebra semantics is ubiquitous
in the education of hardware engineers.

Our  goal  was  therefore  to  find  similarly  natural  and  mathematically  tractable  semantics  for  more  general  hardware 
systems,  to  serve  as  a  basis  for  reasoning  formally  about  hardware  designs. 

1.2.  Solution  proposed 

Using  functions  on  finite  strings  as  a  basic  mathematical  object,  we  have  developed  the  core  of  a  formal  theory 
for  a  wider  class  of  hardware:  synchronous  systems/circuits. 

The basic ideas and relation to the Boolean function semantics are fairly simple and we have made a special effort
to include a detailed, motivated, informal explanation in section 3.1. Technically we build Scott-style domains of
strings, and string-functions, and give the extensional semantics of a synchronous circuit in terms of monotonic
(with respect to less-defined-than and prefix) and length-preserving string-functions. Note however that in contrast
to other work in concurrency theory based on strings, we need only finite strings, and use as our primary ordering
the pointwise extension of the flat ordering on the base domain, not the prefix ordering. Correspondingly, we solve
our fixed point equations in the string-function domain, and not in the string domain. The beginning of a calculus
based on these functional extensional semantics is shown among the possible theoretical applications in section 4.1.

In order to reason about synchronous systems in an even more general and powerful manner, we have added a
recent idea of software computation theory: intensional semantics. These give a mathematical handle on how an
algorithm (or in our case, a circuit) computes its result, as opposed to just what the result is, i.e. its extensional
semantics. These concepts are studied in great depth in [Talcott 85] and [Moschovakis 03]. They provide a way to
compare precisely the objects we are trying to design, and hence provide the relations which will be at the core of
future "guaranteed correct" transformation-based design systems [Scherlis-Scott 83]. A very limited taste of such
relations is given in section 4.2.

These constitute the main ideas presented in this report. In order to support them, however, we have proved a few
additional results about our semantics:

•  We have given a semantic characterization of synchronous circuits which obey the "Every Loop is
Clocked" design rule, even though our semantics assign a meaning to all circuits (built arbitrarily from
primitive components: registers and gates). We have not seen such characterization (in any form)
anywhere else in the hardware semantics literature.

•  We have defined an operational semantics which is extremely simple, and basically a trivial circuit
simulation algorithm, and proved its equivalence to our extensional semantics. We also believe this
result to be new in the context of hardware systems, although related operational-denotational
equivalence proofs have appeared in the context of dataflow [Faustini 82a] and more clearly
[Glasgow-MacEwen 87] within operator nets.

•  We  have  shown  how  to  apply  these  semantics  to  Sequential  Machines  (Mealy  Machines  [Booth  67], 
[Hopcroft-Ullman  79])  which  are  at  the  core  of  synchronous  circuit  design  in  the  engineering 
community.  This  allows  us  to  formally  state  that  a  certain  circuit  correctly  implements  a  certain 
sequential  machine. 

Finally, since our denotational semantics is based on a new domain of string-functions, and since ultimately all
claims  of  design  correctness  rely  on  sound  underlying  mathematics,  and  since  a  precise  and  thorough  understanding 
of  the  theory  is  an  essential  prerequisite  to  its  mechanization  (in  a  theorem-prover),  we  have  taken  extreme  care  to 
develop  the  foundations  in  complete  detail. 

In  order  to  reach  the  full  generality  that  we  needed,  such  as  combinations  of  functions  with  arbitrary  (and 
different)  number  of  inputs,  without  any  hand-waving,  we  found  that  we  had  to  use  some  slightly  technical  tools, 
such  as  Moschovakis’  induction  algebras.  Moreover,  we  isolated  two  mathematical  structures  which  came  up 
during  the  process  and  seemed  to  present  some  interest. 

•  Finite  Depth  domains,  which  are  generalizations  of  flat  domains,  and 

•  String  domains,  which  are  domains  generated  from  a  base  domain  with  string  operations. 

To  prevent  confusion  between  these  developments  and  their  applications  to  hardware  semantics,  and  spare  less 
mathematically  inclined  readers,  we  have  placed  them  in  a  separate  "Foundations"  chapter  (chapter  2). 

1.3.  Relation  to  other  work 

The original inspiration for this work came from software concurrency theory and the work of [Kahn 74] on
semantics of asynchronous communicating processes. The key idea there was to view each node as history- (or
string-)functional, the system as a list of string equations, and define the result to be the least solution (or fixed
point) of the system, in a domain of infinite strings ordered by the prefix relation. Other people then tried to exhibit
operational models for which they could prove the appropriateness of the "Kahn-semantics" [Arnold 81], [Faustini
87a], [Faustini 82b] and references therein.

In our case, we have kept the basic idea of nodes being string-functional, but because of our synchronous context,
we were able to use a domain of finite strings, ordered by a pointwise extension of the flat ordering on the base
domain. Also, we made the abstraction to string-functions for circuits, which was only implicit in [Kahn 74].
Moreover we view the equations as defining string-functions instead of strings, and correspondingly solve our fixed
point system in a functional domain.

Much of the work derived from [Kahn 74] in concurrency theory has gone into trace theory, keeping the history
idea, but tossing away the functional abstraction, mainly to deal with limitations of [Kahn 74] in non-deterministic
contexts, as pointed out in [Brock-Ackerman 81]. These have been successfully applied to VLSI in [van de
Snepscheut 85] and recently in [Dill 88] to asynchronous circuits. However, synchronous systems do not present any
of the difficulties necessitating trace theory. And fundamentally, we believe the functional abstraction to be natural
and crucial for the design of large systems, for a rich calculus of synchronous circuits (analogous to the Boolean
calculus), and for the intuitive understanding of systems.

Also inspired by the work of Kahn, and trying to apply these ideas to the semantics of hardware, are the works of
[Brookes 84] and recently [Kloos 87]:


[Brookes  84]  uses  infinite  strings  (viewed  as  functions  on  integers)  but  is  fairly  informal  and  based  only  on  one 
example,  which  does  not  have  any  feedback.  His  remark  concerning  the  handling  of  feedback  is  essentially  wrong 
(or  extremely  imprecise)  since  the  original  state  of  the  registers  seems  not  to  be  kept  in  the  syntactic  object,  even 
though  in  the  presence  of  feedback,  it  can  affect  the  final  semantics  immensely. 


[Kloos 87] in contrast is quite formal and thorough, and is very much based on Kahn's idea of functions on
infinite strings, with a (slightly modified) prefix ordering due to Broy. This work is the most similar to ours that we
have found, and goes a long way towards achieving many of our goals, within a different mathematical environment
and for the extensional part only. It is, however, much broader in the scope of hardware systems it aims to model, and
correspondingly, the theory is weaker. Moreover, the algebra of finite strings has many advantages for purposes of
mechanizing, such as induction. Also, no proof of equivalence with any operational model or other key property of
the semantics is given.


Much  other  work  related  to  ours  falls  under  the  category  of  "new  hardware  languages".  These  have  evolved  very 
similarly to software languages: from ad-hoc (assembly) to clearer (high-level) to semantically cleaner (functional).
Just  like  in  software,  very  few  of  them  really  have  formal  underlying  semantics.  Two  notable  exceptions  are 
[Sheeran  83]  and  [Johnson  83]: 


[Sheeran  83]  uses  FP  [Backus  78]  as  a  semantic  base,  and  hence  functions  on  sequences.  Aside  from  an 
insistence  on  a  variable-free  (and  hence  hardly  readable)  style,  there  is  a  lot  of  emphasis  on  algebraic  laws,  so 
"philosophically"  our  work  is  very  related  to  hers. 


[Johnson  83]  uses  a  more  standard  applicative  notation  but  puts  much  more  emphasis  on  the  language  issue  than 
on  the  semantics.  Most  of  the  emphasis  is  on  (informally)  transforming  recursive  descriptions  of  the  algorithm 
which  are  not  directly  implementable  in  hardware,  into  other  descriptions  which  are.  The  semantics  only  model  a 
special  restricted  "stylized"  kind  of  circuit  (with  one  "output"  line  and  one  "ready"  line).  The  model-theoretic 
semantics are sketched rapidly, are not very natural (signals are "infinite sequences of instantaneous operations"),
and  are  clearly  not  the  main  goal  in  his  work. 


Finally, work in mechanical correctness proofs of hardware shares some important goals with us, although we
believe that semantics should be thoroughly studied first. The most impressive such result we know so far is [Hunt
85] where two descriptions of a CPU (one of which was isomorphic to the actual hardware) were proved equivalent
in the Boyer-Moore system. The semantics however, while quite clear in the combinational logic case, are more
fuzzy in the sequential case, where a "stylized" description is used, with no formal justification. One price paid for
this is the lack of compositionality, i.e. the inability to combine easily two separate (sequential) specifications into a
bigger one. Also along the verification lines, we share a lot "in spirit" with Gordon's work in higher-order logic:
[Gordon 85] and related efforts. Technically however we differ significantly. Gordon's semantics are axiomatic:
hardware objects are associated with predicates (on functions of time), and systems are "ANDed" together. Besides
putting more emphasis on the model-theoretic aspects of our semantics, we have also defined our theory so that
hardware systems are describable in just a first-order language. This may simplify automatic derivations, and in any
case gives us a greater choice of theorem-provers. Moreover, by studying properties of the algebraic structure (i.e.
building a calculus) we can derive system-independent properties.




1.4.  Notation 

We have tried as much as possible to use standard mathematical/logical notation: $\wedge$, $\vee$, $\Rightarrow$, $\Leftrightarrow$, $\forall$
and $\exists$ are the usual logical symbols, $\omega$ denotes the set of natural numbers (non-negative integers).

We've generalized slightly the tuple projection operator (denoted by subscripting): $(x_1,..,x_n)_i = x_i$, to take a tuple
of positions and return the corresponding sub-tuple of values: $(x_1,..,x_n)_{(i_1,..,i_k)} = (x_{i_1},..,x_{i_k})$

For our "precise" proofs, we have a semi-formal notation: there are two columns: assertions on the left, and
justifications on the right enclosed in double brackets, which can be mentally read as "because" or "by". Successful
completion of the proof is indicated by:

[[]]

often indexed by the name of the theorem it proved. For example:

We have   $I = V / R$          [[ Ohm, thm. 1 ]]
and       $P = V * I$          [[ definition ]]
          $P = V^2 / R$
and       $V = 5.0$ volts      [[ hypothesis ]]
and       $R \approx 0$ ohm    [[ we've reversed Vcc and Gnd pins ]]

[[]]thm. Chip-is-Hot

In  general,  these  proofs  are  most  easily  followed  by  skipping  the  individual  justifications,  i.e.  reading  the  left 
column  only!  Occasionally,  if  a  step  appears  unclear,  then  checking  the  justification  is  useful. 

Other notations for particular structures (such as strings) are defined as concepts are defined. An index of major
definitions is given at the end for "random-access" readers. The report itself is "linearly" organized in
definition-theorem-proof form, each referring only to concepts previously defined or proved.


2.  Mathematical  Foundations  of  the  Semantics 


2.1.  Basic  Theory:  CPOs,  PCPOs,  and  Induction  Algebras 

The domains we consider are chain-complete partially ordered sets. However, since there are some terminology
variations across the various authors in the field, we specify here the structures we will use, as well as the main
results we'll need about them.

Many of these definitions and results can be found in various places and forms in [Manna 74] chapter 5, [de
Bakker 80] chapters 3 and 5, and [Schmidt 86] chapter 6.

Often however, these concepts (lub, continuity, fixed points) are obscured in standard treatments because they are
defined in the specific context in which they are needed, which usually turns out to be a higher-order set where it is
hard to visualize things. We have tried to avoid that pitfall here, and have defined each notion in the simplest
structure in which it is meaningful.

Definition  2.1:  Partial  Order  [PO] 

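$\langle P, \sqsubseteq \rangle$ is a Partial Order [PO] $\Leftrightarrow$ $P$ is a set $\wedge$ $\sqsubseteq$ is a binary relation on $P$ which is

•  reflexive: $\forall x \in P,\ x \sqsubseteq x$

•  antisymmetric: $\forall x,y \in P,\ (x \sqsubseteq y \wedge y \sqsubseteq x \Rightarrow x = y)$

•  transitive: $\forall x,y,z \in P,\ (x \sqsubseteq y \wedge y \sqsubseteq z \Rightarrow x \sqsubseteq z)$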


Definition  2.2:  Upper  Bound 

Let $\langle P, \sqsubseteq \rangle$ be a PO, $S$ be a subset of $P$, $y \in P$ is an Upper Bound of $S$ (in $P$) $\Leftrightarrow$ $\forall x \in S,\ x \sqsubseteq y$


Definition  2.3:  Least  Upper  Bound  [LUB] 

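Let $\langle P, \sqsubseteq \rangle$ be a PO, $S$ be a subset of $P$, $y \in P$ is a Least Upper Bound of $S$ (in $P$) $\Leftrightarrow$ $y$ is an Upper
Bound of $S$ $\wedge$ $\forall z \in P$, $z$ Upper Bound of $S$ $\Rightarrow$ $y \sqsubseteq z$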

Definition  2.4:  Chain 

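Let $\langle P, \sqsubseteq \rangle$ be a PO, $S$ a subset of $P$, $S$ is a chain $\Leftrightarrow$ $\forall x,y \in S,\ x \sqsubseteq y \vee y \sqsubseteq x$ (i.e. $\sqsubseteq$ is total in $S$).

Note: we usually refer to chains as indexed by an ordinal $I$: $(x_i)_{i \in I} \mid \forall i \in I,\ x_i \sqsubseteq x_{i+1}$. This does not
reduce the generality.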


Definition  2.5:  Complete  Partial  Order  [CPO] 

$\langle P, \sqsubseteq \rangle$ is a Complete Partial Order [CPO] $\Leftrightarrow$ $\langle P, \sqsubseteq \rangle$ is a PO $\wedge$ every non-empty chain in $P$ has a LUB.


Definition  2.6:  Pointed  Complete  Partial  Order  [PCPO] 

$\langle P, \sqsubseteq \rangle$ is a Pointed CPO $\Leftrightarrow$ $\langle P, \sqsubseteq \rangle$ is a CPO $\wedge$ there is a least element, usually called $\bot$, for $\sqsubseteq$ in $P$
(i.e. the empty chain also has a lub).

The  distinction  between  CPOs  and  PCPOs  is  often  glossed  over,  because  most  domains  used  in  practice  are 
PCPOs  (  [Schmidt  86],  [Melton-Schmidt  86]  make  the  distinction).  In  our  case,  we  will  deal  with  structures  which 
are  CPOs  but  not  PCPOs,  and  therefore,  we  need  the  more  general  definitions. 

Note that any PCPO is a CPO, and therefore all results true for CPOs apply to PCPOs. Also, an equivalent
definition of PCPOs not referring to CPOs can be given, simply by requiring that "every chain has a LUB", but our
definition makes the dependency on the empty chain explicit.

Definition  2.7:  Monotonic  function  on  POs 

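Let $\langle P_1, \sqsubseteq_1 \rangle$, $\langle P_2, \sqsubseteq_2 \rangle$ be POs, $f$ a function: $P_1 \to P_2$, $f$ is monotonic $\Leftrightarrow$ $\forall x,y \in P_1,\ x \sqsubseteq_1 y \Rightarrow
f(x) \sqsubseteq_2 f(y)$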


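Definition 2.8: Continuous function on [P]CPOs

Let $\langle P_1, \sqsubseteq_1 \rangle$, $\langle P_2, \sqsubseteq_2 \rangle$ be PCPOs [resp. CPOs], $f$ a function: $P_1 \to P_2$, $f$ is continuous $\Leftrightarrow$

$\forall (x_i)_{i \in I}$ [resp. non-empty] chain in $P_1$, $(f(x_i))_{i \in I}$ has a lub $\wedge$ $f(\mathrm{lub}\,(x_i)_{i \in I}) = \mathrm{lub}\,(f(x_i))_{i \in I}$
where the lubs are taken in the appropriate domains.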

By  considering  a  chain  of  just  two  elements  we  immediately  get: 

Theorem  2.9:  Continuous  =>  Monotonic 

Let $\langle P_1, \sqsubseteq_1 \rangle$, $\langle P_2, \sqsubseteq_2 \rangle$ be CPOs, and $f$ a function: $P_1 \to P_2$, $f$ continuous $\Rightarrow$ $f$ monotonic.

The next two properties are immediate, but often useful:

Theorem  2.10:  Composition  of  monotonic  functions 

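Let $\langle P_1, \sqsubseteq_1 \rangle$, $\langle P_2, \sqsubseteq_2 \rangle$, $\langle P_3, \sqsubseteq_3 \rangle$ be POs. Let $f$ be a function: $P_1 \to P_2$, $g$ be a function: $P_2 \to P_3$, $f$ and $g$
are monotonic $\Rightarrow$ $g \circ f: P_1 \to P_3$ is monotonic.


Theorem 2.11: Composition of continuous functions

Let $\langle P_1, \sqsubseteq_1 \rangle$, $\langle P_2, \sqsubseteq_2 \rangle$, $\langle P_3, \sqsubseteq_3 \rangle$ be CPOs. Let $f$ be a function: $P_1 \to P_2$, $g$ be a function: $P_2 \to P_3$, $f$ and
$g$ are continuous $\Rightarrow$ $g \circ f: P_1 \to P_3$ is continuous.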

Definition  2.12:  Fixed  Point  of  a  function 

Let $S$ be an arbitrary set, $f$ a unary function on $S$, $x \in S$ is a Fixed Point of $f$ $\Leftrightarrow$ $f(x) = x$

Note  that  the  preceding  definition  is  a  common  mathematical  notion,  and  applicable  to  any  structure,  not  just 
CPOs.  In  Partially  Ordered  sets,  we  can  additionally  define  the  notion  of  a  Least  Fixed  Point: 

Definition  2.13:  Least  Fixed  Point  [LFP]  of  a  function 

Let $\langle P, \sqsubseteq \rangle$ be a PO, $f$ a unary function on $P$, $x \in P$ is a Least Fixed Point of $f$ $\Leftrightarrow$ $x$ is a fixed point of $f$
$\wedge$ $\forall y \in P$, $y$ fixed point of $f$ $\Rightarrow$ $x \sqsubseteq y$.

One of the main reasons for using PCPOs as domains is that in these structures, a wide class of functions have least
fixed points, which moreover can be computed explicitly:

Theorem  2.14:  Kleene 

A continuous function $f$, on a PCPO $\langle P, \sqsubseteq \rangle$, has a LFP in $P$: $\mathrm{lub}\,(f^i(\bot))_{i \in \omega}$

Proof:

This is an extension of Kleene's 1st Recursion theorem [Kleene 67]. Many proofs of this result exist in the
literature, in various forms. One closest to our notation can be found in [Schmidt 86] p. 114.

[[]]Thm. 2.14

A useful generalization in [Moschovakis 77] extends this result to families of PCPOs, and systems of continuous
functions on these CPOs. (Moschovakis' results are actually more general and deal with arbitrary induction and big
ordinals. We restate them here in the simpler context of continuous induction, and consistently with our notations.)


Definition  2.15:  Induction  Algebra 

$\langle (P_j)_{j \in J}, (\sqsubseteq_j)_{j \in J}, F \rangle$ is an induction algebra $\Leftrightarrow$ $\forall j \in J$, $\langle P_j, \sqsubseteq_j \rangle$ is a PCPO $\wedge$ $F$ is a set of functions
$f: P \times ... \times P \to P$, containing the identity maps, and closed under composition with projections.

By projection we mean a function of the form:  $\to x_i$ for some $i \in \{1..n\}$.

By "closed under composition with projections" we mean that if $g \in F$ and $f$ satisfies: $f(x_1,...,x_n) =
g(\pi_1(x_1,...,x_n),...,\pi_m(x_1,...,x_n))$ with $\pi_1,..,\pi_m$ given projections, then $f \in F$.

Theorem  2.16:  Kleene-Moschovakis 

Let $\langle (P_j)_{j \in J}, (\sqsubseteq_j)_{j \in J}, F \rangle$ be an induction algebra. Let $(f_1,...,f_n)$ be a system of continuous functions in $F$,
where $\forall k \in \{1..n\}$, $f_k: P_{j_1} \times ... \times P_{j_n} \to P_{j_k}$, then that system has a LFP in $P_{j_1} \times ... \times P_{j_n}$:

$\mathrm{lub}\,[(f_1,...,f_n)^i(\bot_{j_1},...,\bot_{j_n})]_{i \in \omega}$.

Proof:

See [Moschovakis 77], Lemmas 2.4 and 2.5. These actually apply to monotone functions, and conclude that the
system has a fixed point:

$\mathrm{lub}\,[(f_1,...,f_n)^i(\bot_{j_1},...,\bot_{j_n})]_{i \in \kappa}$ with $\kappa$ some "big enough" ordinal.

Since in our case we are restricting ourselves to continuous functions, it is clear that $\omega$ is big enough:

We have   $f[\mathrm{lub}\,(f^i(\bot))_{i \in \omega}] = \mathrm{lub}\,(f^{i+1}(\bot))_{i \in \omega}$    [[ continuity of f ]]
and       $(f^{i+1}(\bot))_{i \in \omega} = (f^i(\bot))_{i \in \omega} - \{\bot\}$
          $\mathrm{lub}\,(f^{i+1}(\bot))_{i \in \omega} = \mathrm{lub}\,(f^i(\bot))_{i \in \omega}$
          $f[\mathrm{lub}\,(f^i(\bot))_{i \in \omega}] = \mathrm{lub}\,(f^i(\bot))_{i \in \omega}$
          $\mathrm{lub}\,(f^i(\bot))_{i \in \omega}$ is a fixed point.

And the same proof obviously carries through to a tuple of functions.

[[]]Thm. 2.16

A  few  other  results  which  help  us  build  CPOs  and  PCPOs  are  enumerated  below. 

Theorem  2.17:  Product  of  CPOs 

The cartesian product of CPOs is a CPO (under the induced coordinate-wise ordering), and the lub of a chain of
tuples is the tuple of the lubs of the coordinates (i.e. the tupling operation is continuous).

This  generalizes  immediately  to  finite  product. 

Theorem  2.18:  Product  of  PCPOs 

The cartesian product of PCPOs is a PCPO (under the induced coordinate-wise ordering).

This also generalizes immediately to finite product.

Theorem  2.19:  Disjoint  union  of  CPOs 

The  disjoint  union  of  CPOs  is  a  CPO  (under  the  union  of  the  ordering  relations). 

This generalizes to arbitrary unions with the following definition: $\bigcup (P^i)_{i \in I} = \{ x \mid \exists i \in I \mid x \in P^i \}$,
where the $P^i$'s are all disjoint.

Note however that the disjoint union of PCPOs is not a PCPO (we need to add a new least element in order to
obtain a PCPO). It is common in Scott-style semantics to add that extra element without even mentioning it when
dealing with PCPOs. We will not do that. We still clearly have that the disjoint union of PCPOs is a CPO, which
will be enough for our purposes.

As for Kleene's theorem, proofs for the preceding constructions can be found in [Schmidt 86].

Definition  2.20:  Sub-CPO 

Let $\langle P, \sqsubseteq \rangle$ be a CPO, $P_1$ a subset of $P$, $P_1$ is a sub-CPO of $P$ $\Leftrightarrow$ $\langle P_1, \sqsubseteq$ restricted$\rangle$ is a CPO.

Note the following two subtleties about sub-CPOs:

•  In general, subsets of CPOs are not sub-CPOs (counterexample: $\omega+1$, with subset: $\omega$).

•  In general, LUBs (of a single chain) in a CPO and a sub-CPO are not necessarily the same
(counterexample: $\omega+2$, sub-CPO: $\omega+2 - \{\omega\}$, chain: $(0,1,...)$).

The  following  notion  is  not  as  "standard"  but  very  useful  in  building  "nice"  sub-CPOs,  and  we  will  use  it 
extensively  in  the  rest  of  this  work: 

Definition  2.21:  Strongly  Admissible  predicate  on  a  CPO 

Let $\langle P, \sqsubseteq \rangle$ be a CPO. Let $\vartheta$ be a predicate on elements of $P$. $\vartheta$ is Strongly Admissible on $P$ $\Leftrightarrow$ $\forall (x_i)_{i \in I}$
non-empty chain in $P$, $(\forall i \in I,\ \vartheta(x_i)) \Rightarrow \vartheta(\mathrm{lub}\,(x_i)_{i \in I})$

In other words, "$\vartheta$ carries to the lub". Note that this property is closely related to, but slightly stronger than the
notion of "admissible" predicate in computational induction [Manna 74].


Theorem  2.22:  "Nice"  Sub-CPOs 

Let $\langle P, \sqsubseteq \rangle$ be a CPO, let $\vartheta$ be a strongly admissible predicate on $P$, then $P \cap \vartheta = \{ x \in P \mid \vartheta(x) \}$ is a
sub-CPO of $P$, and the LUBs of chains in both domains are the same.

Proof:

Immediate by def. 2.21. I.e. we've defined "Strongly Admissible" to be exactly what we needed for this theorem to
be true; the work will be in proving that specific properties we're interested in are in fact strongly admissible.

[[]]Thm. 2.22

We  now  move  on  to  function  domains.  We  can  easily  extend  the  ordering  of  a  Partially  Ordered  set  to  an 
ordering  on  its  functions: 

Definition  2.23:  Pointwise  function  ordering 

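Let $\langle P_1, \sqsubseteq_1 \rangle$, $\langle P_2, \sqsubseteq_2 \rangle$ be POs, $f$, $g$ functions: $P_1 \to P_2$, $f \sqsubseteq_{pointwise} g$ $\Leftrightarrow$ $\forall x \in P_1,\ f(x) \sqsubseteq_2 g(x)$.

It is immediate that $\sqsubseteq_{pointwise}$ is reflexive, antisymmetric and transitive. The subscript "pointwise" is usually
dropped since the correct relation can be inferred from context.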

Note  that  this  definition  immediately  applies  to  functions  of  arbitrary  arity,  by  considering  them  as  unary 
functions  from  the  product  PO. 

Function  domains  on  CPO:  In  the  literature,  one  usually  finds  a  proof  that  the  set  of  monotonic  functions  on  a 
CPO  is  a  CPO,  or  that  the  set  of  continuous  functions  on  a  CPO  is  a  CPO.  However,  many  more  function  domains 
on  a  CPO  can  be  usefully  built,  as  the  next  few  theorems  show. 

Theorem 2.24: $P_2^{P_1}$ is a CPO.

Let $\langle P_1, \sqsubseteq_1 \rangle$, $\langle P_2, \sqsubseteq_2 \rangle$ be CPOs, the set of all functions from $P_1$ to $P_2$: $P_2^{P_1}$, under the pointwise ordering, is
a CPO.

The proof is fairly standard. However, we give it because we will need to refer explicitly to the construction of
the lub of a function-chain on many other occasions.

Proof:

Assume [h1] $\langle P_1, \sqsubseteq_1 \rangle$ CPO, [h2] $\langle P_2, \sqsubseteq_2 \rangle$ CPO, and [h3] $(f_i)_{i \in I}$ non-empty chain in $P_2^{P_1}$.

Define (and this is the essence of the proof) $f = \lambda x.\mathrm{lub}\,(f_i(x))_{i \in I}$, we prove that 1) $f \in P_2^{P_1}$ and 2) $f$ is $\mathrm{lub}\,(f_i)_{i \in I}$.

1) Let $x \in P_1$, arbitrary.

We have   $\forall i \in I,\ f_i \sqsubseteq f_{i+1}$    [[ h3 ]]
          $\forall i \in I,\ f_i(x) \sqsubseteq_2 f_{i+1}(x)$    [[ def. 2.23 ]]
          $(f_i(x))_{i \in I}$ is a non-empty chain in $P_2$    [[ def. 2.4 ]]
          $(f_i(x))_{i \in I}$ has a lub in $P_2$    [[ h2 ]]
and this was done for arbitrary $x$,
          $f$ is a (well-defined) function from $P_1$ to $P_2$

2) Let $i \in I$, arbitrary.

We have   $\forall x \in P_1,\ f_i(x) \sqsubseteq_2 \mathrm{lub}\,(f_j(x))_{j \in I}$    [[ def. 2.3, LUB => Upper Bound ]]
          $\forall x \in P_1,\ f_i(x) \sqsubseteq_2 f(x)$    [[ construction of f ]]
          $f_i \sqsubseteq f$    [[ def. 2.23 ]]
and this was done for arbitrary $i$,
          $f$ is an upper bound of $(f_i)_{i \in I}$.    [[ def. 2.2 ]]

Assume [h4] $g \in P_2^{P_1} \mid \forall i \in I,\ f_i \sqsubseteq g$
Let $x \in P_1$, arbitrary.

We have   $\forall i \in I,\ f_i(x) \sqsubseteq_2 g(x)$    [[ h4, def. 2.23 ]]
          $\mathrm{lub}\,(f_i(x))_{i \in I} \sqsubseteq_2 g(x)$    [[ def. 2.3 ]]
          $f(x) \sqsubseteq_2 g(x)$    [[ construction of f ]]
and this was done for arbitrary $x$,
          $f \sqsubseteq g$    [[ def. 2.23 ]]

$\therefore$ $f = \mathrm{lub}\,(f_i)_{i \in I}$

[[]]2

[[]]Thm. 2.24

As an immediate corollary we get:

Theorem 2.25: $P^{P^n}$ is a CPO.

Let $\langle P, \sqsubseteq \rangle$ be a CPO, the set of all functions (of arity n) on $P$: $P^{P^n}$, under the pointwise ordering, is a CPO.

As an immediate application of the preceding theorem (thm. 2.24) and our notion of strongly admissible
predicates (thm. 2.22), we get a whole class of function CPOs:

Theorem 2.26: Function domains on CPOs

Let $\langle P_1, \sqsubseteq_1 \rangle$, $\langle P_2, \sqsubseteq_2 \rangle$ be CPOs. Let $\vartheta$ be a strongly admissible predicate on $P_2^{P_1}$, then $P_2^{P_1} \cap \vartheta = \{ f \in
P_2^{P_1} \mid \vartheta(f) \}$, under the pointwise ordering, is a CPO. And, the LUB of a function-chain in $P_2^{P_1} \cap \vartheta$ is the
same as the LUB in $P_2^{P_1}$.

Theorem 2.27: Corollary: Monotonic functions CPO, Continuous functions CPO

Let $\langle P_1, \sqsubseteq_1 \rangle$, $\langle P_2, \sqsubseteq_2 \rangle$ be CPOs. The following sets of functions, under the pointwise ordering, are CPOs:

•  set of all monotonic functions: $[ P_1 \to P_2 ]$,

•  set of all continuous functions: $( P_1 \to P_2 )$.


Proof:

$\vartheta(f)$ = "f is monotonic" is strongly admissible on $P_2^{P_1}$:

Assume [h1] $(f_i)_{i \in I}$ non-empty chain of monotonic functions from $P_1$ to $P_2$

We have   $f = \lambda x.\mathrm{lub}\,(f_i(x))_{i \in I} = \mathrm{lub}\,(f_i)_{i \in I}$    [[ construction of lub of function-chains ]]
Let $x,y \in P_1 \mid x \sqsubseteq_1 y$
We have   $\forall i \in I,\ f_i(x) \sqsubseteq_2 f_i(y)$    [[ h1, f_i is monotonic ]]
and       $\forall i \in I,\ f_i(y) \sqsubseteq_2 f(y)$    [[ construction of f ]]
          $\forall i \in I,\ f_i(x) \sqsubseteq_2 f(y)$    [[ $\sqsubseteq$ transitive ]]
          $\mathrm{lub}\,(f_i(x))_{i \in I} \sqsubseteq_2 f(y)$    [[ def. 2.3 ]]
          $f(x) \sqsubseteq_2 f(y)$    [[ construction of f ]]
          $f$ is monotonic.

[[]]monotonic strongly admissible

$\vartheta(f)$ = "f is continuous" is strongly admissible on $P_2^{P_1}$:

Assume [h2] $(f_i)_{i \in I}$ non-empty chain of continuous functions from $P_1$ to $P_2$

We have   $f = \lambda x.\mathrm{lub}\,(f_i(x))_{i \in I} = \mathrm{lub}\,(f_i)_{i \in I}$    [[ construction of lub of function-chains ]]
and we already know that $f$ is monotonic    [[ by above proof ]]

Let $(x_j)_{j \in J}$ chain in $P_1$

We have   $\forall j \in J,\ x_j \sqsubseteq_1 \mathrm{lub}\,(x_j)_{j \in J}$    [[ def. 2.3, LUB => Upper Bound ]]
          $\forall j \in J,\ f(x_j) \sqsubseteq_2 f(\mathrm{lub}\,(x_j)_{j \in J})$    [[ f monotonic ]]
$\therefore$ L1:  $\mathrm{lub}\,(f(x_j))_{j \in J} \sqsubseteq_2 f(\mathrm{lub}\,(x_j)_{j \in J})$    [[ def. 2.3 ]]

Let $i \in I$, arbitrary.

We have   $f_i \sqsubseteq f$    [[ $f = \mathrm{lub}\,(f_i)_{i \in I}$, LUB => Upper Bound ]]
          $\forall j \in J,\ f_i(x_j) \sqsubseteq_2 f(x_j)$    [[ def. 2.23 ]]
and       $\forall j \in J,\ f(x_j) \sqsubseteq_2 \mathrm{lub}\,(f(x_j))_{j \in J}$    [[ def. 2.3, LUB => Upper Bound ]]
          $\forall j \in J,\ f_i(x_j) \sqsubseteq_2 \mathrm{lub}\,(f(x_j))_{j \in J}$    [[ $\sqsubseteq$ transitive ]]
          $\mathrm{lub}\,(f_i(x_j))_{j \in J} \sqsubseteq_2 \mathrm{lub}\,(f(x_j))_{j \in J}$    [[ def. 2.3 ]]
and       $f_i(\mathrm{lub}\,(x_j)_{j \in J}) = \mathrm{lub}\,(f_i(x_j))_{j \in J}$    [[ h2, f_i continuous ]]
          $f_i(\mathrm{lub}\,(x_j)_{j \in J}) \sqsubseteq_2 \mathrm{lub}\,(f(x_j))_{j \in J}$
and this was done for arbitrary $i$,
          $\forall i \in I,\ f_i(\mathrm{lub}\,(x_j)_{j \in J}) \sqsubseteq_2 \mathrm{lub}\,(f(x_j))_{j \in J}$
          $\mathrm{lub}\,(f_i(\mathrm{lub}\,(x_j)_{j \in J}))_{i \in I} \sqsubseteq_2 \mathrm{lub}\,(f(x_j))_{j \in J}$    [[ def. 2.3 ]]
and       $f(\mathrm{lub}\,(x_j)_{j \in J}) = \mathrm{lub}\,(f_i(\mathrm{lub}\,(x_j)_{j \in J}))_{i \in I}$    [[ construction of f ]]
$\therefore$ L2:  $f(\mathrm{lub}\,(x_j)_{j \in J}) \sqsubseteq_2 \mathrm{lub}\,(f(x_j))_{j \in J}$

          $f(\mathrm{lub}\,(x_j)_{j \in J}) = \mathrm{lub}\,(f(x_j))_{j \in J}$    [[ lines L1 and L2 ]]
          $f$ is continuous.

[[]]continuous strongly admissible

[[]]Thm. 2.27


Other  strongly  admissible  functional  predicates  will  appear  in  the  next  sections. 


This  completes  our  list  of  (slightly  extended)  standard  notions.  We  now  concentrate  on  particular  classes  of 
domains  which  will  be  of  essential  use  later. 


2.2.  Finite  Depth  domains 

Definition  2.28:  Flat  domain 

Let S be an arbitrary set. $S_\bot$ (read "S lifted", or "S bottom") is the PCPO obtained by adding an extra element:
$\bot$, and the binary relation: $\sqsubseteq$ defined by: $\forall x, y \in S_\bot,\ x \sqsubseteq y \Leftrightarrow x = \bot \lor x = y$.

It is immediate that $\sqsubseteq$ is reflexive, antisymmetric and transitive, and that all $\sqsubseteq$-chains have a lub.

A picture of $S_\bot$ is most convincing:

Figure 2-1: Flat domain

Syntactic note about $\bot$: the character "$\bot$" has no magical properties! In a different context (such as chapter 3),
we will feel free to use a different "least element" character more appropriate for that context.

An  essential  property  of  flat  domains  is  that  all  chains  of  distinct  elements  are  finite,  in  fact  they  are  at  most  of 
length  2.  Many  properties  of  flat  domains  (such  as  can  be  found  in  [Manna  74],  chapter  5)  generalize,  often  more 
clearly,  to  arbitrary  CPOs  which  have  this  "finite  depth"  property. 

Moreover, the domain on which we will base our semantics for synchronous circuits is a finite depth domain. We
have therefore isolated this property here, as well as its consequences, so as to distinguish the abstract properties of
these domains from the idiosyncrasies of their application to the semantics of synchronous circuits.

Definition 2.29: Finite Depth domain [FD-CPO]

Let $\langle P, \sqsubseteq \rangle$ be a CPO, $\langle P, \sqsubseteq \rangle$ is of Finite Depth $\Leftrightarrow$ any chain in P is a finite set.

An equivalent way of characterizing FD-CPOs is the "Accumulation" property:

Theorem 2.30: Accumulation

Let $\langle P, \sqsubseteq \rangle$ be a CPO, $\langle P, \sqsubseteq \rangle$ FD-CPO $\Leftrightarrow$ $\forall (x_i)_{i \in I}$ non-empty chain in P, $\exists i_0 \in \omega \mid \forall i \ge i_0,\ x_i = x_{i_0}$

(and therefore also: $\mathrm{lub}(x_i)_{i \in I} = x_{i_0}$).

In other words, there is a finite index, after which the chain is constant. We refer to $i_0$ as the "accumulation
point" and $x_{i_0}$ as the "accumulation value" (or "lub").


(Should  be  intuitively  clear,  given  for  completeness.) 


$\Rightarrow$

Assume [h1] $\langle P, \sqsubseteq \rangle$ FD-CPO, [h2] $(x_i)_{i \in I}$ arbitrary non-empty chain in P, we prove the Accumulation property
by contradiction:

Assume that it is false, we have: $\forall i \in \omega,\ \exists j > i \mid x_i \sqsubseteq x_j \land x_i \ne x_j$

then we extract $X = (x_{i_j})_{j \in \omega}$, which is a chain [[ h2, and subset of a chain is a chain ]]

and X contains an infinite number of (distinct) elements [[ by construction ]]

X is an infinite chain in P, contradicting h1.

□ $\Rightarrow$

$\Leftarrow$

Assume [h1] Accumulation property holds, [h2] $(x_i)_{i \in I}$ arbitrary chain.

We have if $(x_i)_{i \in I}$ is empty, then it is finite [[ trivially ]]

and if $(x_i)_{i \in I}$ is not empty

then $\exists i_0 \in \omega \mid \forall i \ge i_0,\ x_i = x_{i_0}$ [[ h1, h2 ]]

$(x_i)_{i \in I} = \{\, x_i,\ i = 0\,..\,i_0 \,\}$ [[ set extension! ]]

$(x_i)_{i \in I}$ is a finite set.

and this was done for an arbitrary chain, so P is a FD-CPO.

□

□ Thm. 2.30

A  few  pictorial  examples  may  help: 

Figure 2-2: Finite depth CPOs (one panel: $(\{a,b\}_\bot)^2$, with top elements aa, ab, ba, bb)


Examples  of  FD-CPOs  abound:  It  is  obvious  that  any  finite  CPO  is  a  FD-CPO  (and  any  finite  PO  is  a  CPO).  It  is 
also  clear  that  FD-CPOs  can  be  obtained  as  follows. 


Theorem  2.31:  Flat  domains  are  FD-CPOs. 


Proof: 

Immediate. 

□ Thm. 2.31


Theorem  2.32:  Product  of  FD-CPOs 

The  Cartesian  product  of  FD-CPOs  is  a  FD-CPO. 

Proof: 

Immediate  with  the  Accumulation  property,  by  taking  the  max  of  the  accumulation  points  for  each  coordinate. 

□ Thm. 2.32

Theorem  2.33:  Disjoint  union  of  FD-CPOs 

The  disjoint  union  of  FD-CPOs  is  a  FD-CPO. 

Proof: 

Immediate  once  you  notice  that  any  chain  in  the  disjoint  union  is  necessarily  included  in  one  of  the  original  sets. 

□ Thm. 2.33

Finite  Depth  has  interesting  consequences  regarding  continuity  issues,  both  for  functions  and  functionals: 


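Theorem 2.34: Monotonic => Continuous in FD-CPOs

Let $\langle P_1, \sqsubseteq_1 \rangle$, $\langle P_2, \sqsubseteq_2 \rangle$ be FD-CPOs, f a function from $P_1$ to $P_2$, f monotonic $\Rightarrow$ f continuous.

Proof:

Should be intuitively clear. Given here for completeness.

Assume [h1] $\langle P_1, \sqsubseteq_1 \rangle$ FD-CPO, [h2] $\langle P_2, \sqsubseteq_2 \rangle$ FD-CPO, [h3] f a monotonic function: $P_1 \to P_2$, [h4] $(x_i)_{i \in I}$
non-empty chain in $P_1$.

We have $\exists i_0 \in \omega \mid \forall i \ge i_0,\ x_i = x_{i_0} = \mathrm{lub}(x_i)_{i \in I}$ [[ h1, thm. 2.30 ]]

We have $(f(x_i))_{i \in I}$ non-empty chain in $P_2$, [[ h3 and h4 ]]

$\exists i_1 \in \omega \mid \forall i \ge i_1,\ f(x_i) = f(x_{i_1}) = \mathrm{lub}(f(x_i))_{i \in I}$ [[ h2, thm. 2.30 ]]

Let $j = \max(i_0, i_1)$

We have $x_j = \mathrm{lub}(x_i)_{i \in I} \land f(x_j) = \mathrm{lub}(f(x_i))_{i \in I}$

$f(\mathrm{lub}(x_i)_{i \in I}) = \mathrm{lub}(f(x_i))_{i \in I}$

f is continuous.

□ Thm. 2.34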

Our result about functionals is a generalization of [Manna 74] theorem 5.1, which states that functionals (on
monotonic functions, of arity n) on a flat domain, defined by composition of monotonic functions (of arity n) and a
function variable "F", are continuous.

Besides separating what is true in any CPO from what depends essentially on the finite depth property, we
generalize the result in three ways:

• To apply to FD-CPOs instead of just flat domains,

• To allow functions of any arity in the construction of the functional, as long as arities match. This
technicality corrects the fact that the theorem as stated by Manna does not even apply to the functional
defining "factorial".

• To apply to functionals on any sub-cpo of the set of monotonic functions (another technicality which we
will require in order to apply this result for our purposes in the next section).

The first theorem applies to any CPO, independently of finite depth considerations:

Theorem 2.35: Continuous functionals on a CPO

Let $\langle P, \sqsubseteq \rangle$ be a CPO, if $\tau$ is a functional, on continuous functions: $(\,P^n \to P\,)$, defined by (arity-correct)
composition of continuous functions: $(\,P^m \to P\,)$ for any $m \in \omega$, and the function variable "F", then $\tau$ is
continuous.

Our proof is similar in structure (induction cases) to [Manna 74]'s (partial) proof in the flat domain case, but
different in detail since we do not mingle considerations of "finite-depth" (accumulation property).

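Proof:

The proof is by structural induction on $\tau$. There are 4 cases. In each case we have to check that
$\tau$ is closed (i.e. yields continuous functions when fed a continuous function as input),
$\tau$ is monotonic,
$\tau$ preserves lubs of function-chains.

[Base] case 1: $\tau = \lambda F.\,g$, with g continuous function: $P^n \to P$
$\tau$ closed: immediate,
$\tau$ monotonic: immediate [[ constant fun. (in any PO) is monotonic ]]
$\tau$ preserves lubs of function-chains: immediate [[ constant fun. (in any CPO) is continuous ]]

□ case 1

[Base] case 2: $\tau = \lambda F.\,F$.
$\tau$ closed: immediate [[ Identity is always closed on any set! ]]
$\tau$ monotonic: immediate [[ Identity (in any PO) is monotonic ]]
$\tau$ preserves lubs of function-chains: immediate [[ Identity (in any CPO) is continuous ]]

□ case 2

[Induction] case 3: $\tau = \lambda F.\,g \circ (\tau_1(F),..,\tau_m(F))$, with g continuous function: $P^m \to P$
$\tau$ closed: immediate [[ thm. 2.11, induction hyp. on $\tau_1..\tau_m$ ]]

$\tau$ monotonic:

Let $f_1, f_2$ continuous functions: $P^n \to P \mid f_1 \sqsubseteq f_2$

We have $\forall j \in \{1..m\},\ \tau_j(f_1) \sqsubseteq \tau_j(f_2)$ [[ $\tau_j$ monotonic, induction hyp. ]]

$\forall x \in P^n,\ \forall j \in \{1..m\},\ (\tau_j(f_1))(x) \sqsubseteq (\tau_j(f_2))(x)$ [[ def. 2.23 ]]

$\forall x \in P^n,\ g[(\tau_1(f_1))(x),..,(\tau_m(f_1))(x)] \sqsubseteq g[(\tau_1(f_2))(x),..,(\tau_m(f_2))(x)]$ [[ g monotonic, thm. 2.9 ]]

$\tau(f_1) \sqsubseteq \tau(f_2)$ [[ def. 2.23, definition of $\tau$ ]]

$\tau$ preserves lubs of function-chains:

Let $(f_i)_{i \in I}$ non-empty chain of continuous functions: $P^n \to P$.

We have $\forall j \in \{1..m\},\ \tau_j(\mathrm{lub}(f_i)_{i \in I}) = \mathrm{lub}[\tau_j(f_i)]_{i \in I}$ [[ $\tau_j$ continuous, induction hyp. ]]

$\therefore$ L1: $\forall x \in P^n,\ \forall j \in \{1..m\},\ (\tau_j(\mathrm{lub}(f_i)_{i \in I}))(x) = \mathrm{lub}[(\tau_j(f_i))(x)]_{i \in I}$ [[ construction of lub of function-chains ]]

Let $x \in P^n$, arbitrary.

We have $(\tau(\mathrm{lub}(f_i)_{i \in I}))(x) = g((\tau_1(\mathrm{lub}(f_i)_{i \in I}))(x),..,(\tau_m(\mathrm{lub}(f_i)_{i \in I}))(x))$ [[ definition of $\tau$ ]]

... $= g(\mathrm{lub}[(\tau_1(f_i))(x)]_{i \in I},..,\mathrm{lub}[(\tau_m(f_i))(x)]_{i \in I})$ [[ line L1 ]]

... $= \mathrm{lub}[g((\tau_1(f_i))(x),..,(\tau_m(f_i))(x))]_{i \in I}$ [[ g continuous ]]

... $= \mathrm{lub}[(\tau(f_i))(x)]_{i \in I}$ [[ definition of $\tau$ ]]

... $= (\mathrm{lub}[\tau(f_i)]_{i \in I})(x)$ [[ construction of lub of function-chains ]]

and this was done for arbitrary x,

$\tau(\mathrm{lub}(f_i)_{i \in I}) = \mathrm{lub}[\tau(f_i)]_{i \in I}$

□ case 3

[Induction] case 4: $\tau = \lambda F.\,F \circ (\tau_1(F),..,\tau_n(F))$.
$\tau$ closed: immediate [[ thm. 2.11, induction hyp. on $\tau_1..\tau_n$ ]]

$\tau$ monotonic:

Let $f_1, f_2$ continuous functions on $P^n \mid f_1 \sqsubseteq f_2$

We have $\forall j \in \{1..n\},\ \tau_j(f_1) \sqsubseteq \tau_j(f_2)$ [[ $\tau_j$ monotonic, induction hyp. ]]

$\forall x \in P^n,\ \forall j \in \{1..n\},\ (\tau_j(f_1))(x) \sqsubseteq (\tau_j(f_2))(x)$ [[ def. 2.23 ]]

$\forall x \in P^n,\ f_2[(\tau_1(f_1))(x),..,(\tau_n(f_1))(x)] \sqsubseteq f_2[(\tau_1(f_2))(x),..,(\tau_n(f_2))(x)]$ [[ $f_2$ monotonic, thm. 2.9 ]]

and $\forall x \in P^n,\ f_1[(\tau_1(f_1))(x),..,(\tau_n(f_1))(x)] \sqsubseteq f_2[(\tau_1(f_1))(x),..,(\tau_n(f_1))(x)]$ [[ $f_1 \sqsubseteq f_2$ ]]

$\forall x \in P^n,\ f_1[(\tau_1(f_1))(x),..,(\tau_n(f_1))(x)] \sqsubseteq f_2[(\tau_1(f_2))(x),..,(\tau_n(f_2))(x)]$ [[ $\sqsubseteq$ transitive ]]

$\tau(f_1) \sqsubseteq \tau(f_2)$ [[ def. 2.23, definition of $\tau$ ]]

$\tau$ preserves lubs of function-chains:

Let $(f_i)_{i \in I}$ non-empty chain of continuous functions on $P^n$.

We have $\forall j \in \{1..n\},\ \tau_j(\mathrm{lub}(f_i)_{i \in I}) = \mathrm{lub}[\tau_j(f_i)]_{i \in I}$ [[ $\tau_j$ continuous, induction hyp. ]]

$\therefore$ L2: $\forall x \in P^n,\ \forall j \in \{1..n\},\ (\tau_j(\mathrm{lub}(f_i)_{i \in I}))(x) = \mathrm{lub}[(\tau_j(f_i))(x)]_{i \in I}$ [[ construction of lub of function-chains ]]

Let $x \in P^n$, arbitrary.

We have $(\tau(\mathrm{lub}(f_i)_{i \in I}))(x) = (\mathrm{lub}(f_i)_{i \in I})((\tau_1(\mathrm{lub}(f_i)_{i \in I}))(x),..,(\tau_n(\mathrm{lub}(f_i)_{i \in I}))(x))$ [[ definition of $\tau$ ]]

... $= \mathrm{lub}\{f_i((\tau_1(\mathrm{lub}(f_j)_{j \in I}))(x),..,(\tau_n(\mathrm{lub}(f_j)_{j \in I}))(x))\}_{i \in I}$ [[ construction of lub of function-chains ]]

... $= \mathrm{lub}\{f_i(\mathrm{lub}[(\tau_1(f_j))(x)]_{j \in I},..,\mathrm{lub}[(\tau_n(f_j))(x)]_{j \in I})\}_{i \in I}$ [[ line L2 ]]

... $= \mathrm{lub}\{\mathrm{lub}[f_i((\tau_1(f_j))(x),..,(\tau_n(f_j))(x))]_{j \in I}\}_{i \in I}$ [[ $f_i$ continuous ]]

... $= \mathrm{lub}[f_i((\tau_1(f_i))(x),..,(\tau_n(f_i))(x))]_{i \in I}$ [[ $\mathrm{lub}_{i \in I}(\mathrm{lub}_{j \in I}(.)) = \mathrm{lub}_{i \in I}(.)$ ]]

... $= \mathrm{lub}[(\tau(f_i))(x)]_{i \in I}$ [[ definition of $\tau$ ]]

... $= (\mathrm{lub}[\tau(f_i)]_{i \in I})(x)$ [[ construction of lub of function-chains ]]

and this was done for arbitrary x,

$\tau(\mathrm{lub}(f_i)_{i \in I}) = \mathrm{lub}[\tau(f_i)]_{i \in I}$

□ case 4
□ Thm. 2.35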

Combining thm. 2.34 and thm. 2.35, we immediately get the result for Finite Depth CPOs:

Theorem 2.36: Continuous functionals on a FD-CPO

Let $\langle P, \sqsubseteq \rangle$ be a FD-CPO, if $\tau$ is a functional, on monotonic functions: $[\,P^n \to P\,]$, defined by composition of
monotonic functions: $[\,P^m \to P\,]$ for any $m \in \omega$, and the function variable "F", then $\tau$ is continuous.

And finally, noting that the proof of thm. 2.35 carries through to functionals defined on a sub-cpo of the set of
monotonic functions, as long as we assume that they are closed on that sub-cpo, we get our final result:


Theorem 2.37: Continuous functionals on a FD-CPO, general version

Let $\langle P, \sqsubseteq \rangle$ be a FD-CPO, if $\tau$ is a functional, on any sub-cpo of the set of monotonic functions: $[\,P^n \to P\,]$,
closed on that sub-cpo, defined by composition of monotonic functions: $[\,P^m \to P\,]$ for any $m \in \omega$, and the
function variable "F", then $\tau$ is continuous.

□ Generalization of [Manna 74] Thm 5.1

Note that this theorem (or thm. 2.36) is not true in arbitrary CPOs, as the following simple counterexample
shows:

Counter-example:

Let $P = \omega + 1$, with the standard (ordinal order) $\le$, P is a CPO.

Let $g = \lambda x.(\text{if } x = \omega \text{ then } 1 \text{ else } 0)$

We have g monotonic [[ immediate verification ]]

Let $\tau = \lambda F.\,g \circ F$, $\tau$ is a functional defined by composition of monotonic functions and the function variable "F".

Let $f_i = \lambda x.\,i$ (i.e. the constant function: i), $\forall i \in \omega$.

We have $\forall i \in \omega$, $f_i$ is monotonic [[ constant functions are monotonic ]]

and $\forall i \in \omega,\ f_i \le f_{i+1}$, i.e. $(f_i)_{i \in \omega}$ chain [[ immediate ]]

and $\mathrm{lub}(f_i)_{i \in \omega} = \lambda x.\,\omega$ [[ immediate verification ]]

$\tau(\mathrm{lub}(f_i)_{i \in \omega}) = \lambda x.\,1$

We have $\forall i \in \omega,\ \tau(f_i) = \lambda x.\,0$

$\mathrm{lub}(\tau(f_i))_{i \in \omega} = \lambda x.\,0$

$\tau(\mathrm{lub}(f_i)_{i \in \omega}) \ne \mathrm{lub}(\tau(f_i))_{i \in \omega}$

□ counter-example


2.3.  Strings  of  a  domain,  and  String  Induction  Algebra 


A  particular  construction  on  domains  which  we  have  found  useful  in  our  semantics  is  the  domain  of  (finite) 
Strings  on  a  domain.  It  is  also  from  these  domains  that  we  noticed  the  generalizations  from  flat  domain  to  finite 
depth  domain. 


As  in  the  previous  section,  we  study  the  properties  of  String  domains  independently  of  their  application  to  the 
semantics  of  synchronous  circuits  so  as  to  separate  the  general  from  the  particular.  (This  also  has  the  advantage  of 
keeping  the  overall  notation,  and  hence  proofs,  simpler.) 


Definition 2.38: Strings of a partial order

Let $\langle P, \sqsubseteq \rangle$ be a PO, $P^* = \bigcup (P^i)_{i \in \omega}$ with the induced ordering, is a PO (disjoint union of cartesian products
of a PO). We call it: Strings of P.

Recall that when forming the disjoint union we are not adding any new elements (cf. thm. 2.19).


Once  again,  a  picture  helps. 


Figure  2-3:  Strings  on  a  flat  domain 


The key fact about the String construction is that it preserves the "niceness" of the underlying domain, to a great
extent:

Theorem 2.39: Strings on a CPO

$\langle P, \sqsubseteq \rangle$ is a CPO $\Rightarrow$ $\langle P^*, \sqsubseteq \rangle$ is a CPO.

Proof:

Immediate by thm. 2.17 and thm. 2.19.

□ Thm. 2.39

and most importantly:

Theorem 2.40: Strings on a FD-CPO

$\langle P, \sqsubseteq \rangle$ is a FD-CPO $\Rightarrow$ $\langle P^*, \sqsubseteq \rangle$ is a FD-CPO.

Proof:

Immediate by thm. 2.32 and thm. 2.33.

□ Thm. 2.40

Note however that the String construction does not preserve "pointedness" (i.e. PCPO). In fact, we have a stronger
statement to the contrary:

Theorem 2.41: Strings do not have a least element

Let $\langle P, \sqsubseteq \rangle$ be a PO, P non-empty $\Rightarrow$ $\langle P^*, \sqsubseteq \rangle$ has no least element.

Proof:

Assume [h1] $\langle P, \sqsubseteq \rangle$ PO, [h2] P non-empty

Let $\varepsilon$ be the empty string ($\in P^*$)

We have $\forall x \in P^*,\ [c1](\, x \sqsubseteq \varepsilon \Rightarrow x = \varepsilon \,) \land [c2](\, \varepsilon \sqsubseteq x \Rightarrow x = \varepsilon \,)$ [[ $\sqsubseteq$ is induced coordinatewise ordering ]]

Let $a \in P$ [[ h2 ]]

We have $a \in P^*$ (string of length 1, containing the element a)

Assume $\bot$ least element of $P^*$

then $\bot \sqsubseteq \varepsilon$ and $\bot \sqsubseteq a$

$\bot = \varepsilon$ [[ c1 and $\bot \sqsubseteq \varepsilon$ ]]

$\varepsilon \sqsubseteq a$ [[ $\bot \sqsubseteq a$ ]]

$\varepsilon = a$, which is a contradiction. [[ c2 ]]

□ Thm. 2.41

This point was mostly made to bring out the fact that we are not studying the "usual" domain of strings under the
prefix ordering (for which $\varepsilon$ is a least element), instead we are constructing the String domain of an arbitrary PO,
under the induced ordering.

The junction with "usual" strings will now be made, but the preceding remark will still be valid for the rest of this
work.

We consider the usual (slightly extended) string structure on $P^*$:

$\langle P^*,\ \varepsilon,\ .\,,\ |\,|,\ \le,\ .\,,\ \mathrm{last}(),\ \mathrm{abl}(),\ \mathrm{1st}(),\ \mathrm{rst}(),\ \uparrow,\ \downarrow,\ \odot \rangle$

Definition 2.42: String structure

• $\varepsilon$ : $\to P^*$, (constructor) empty string.

• . : Add : $P^* \times P \to P^*$, (constructor) add a character (to the right).

• | | : Length : $P^* \to \omega$, length of a string. (We assume the integers are included in P, or are encodable
in it, cf. [Moschovakis 71].)

Defined by: $(\, |\varepsilon| = 0 \,) \land (\, |x.u| = |x| + 1 \,)$

• $\le$ : Prefix : $P^* \times P^* \to \{T, F\}$, prefix relation on strings.

Defined by: $(\, x \le \varepsilon \Leftrightarrow x = \varepsilon \,) \land (\, x \le y.u \Leftrightarrow x = y.u \lor x \le y \,)$

• . : Concatenate : $P^* \times P^* \to P^*$, concatenate two strings. We overload the "." symbol since we will
identify characters and strings of length 1. We will also sometimes omit the "." altogether, when no
confusion can result.

Defined by: $(\, x . \varepsilon = x \,) \land (\, x . (y.u) = (x . y).u \,)$, where the preceding "." means "Add"

• last() : Last : $P^* \to P$ (destructor, partial), last character of a string.

Defined by: last(x.u) = u

• abl() : All-But-Last : $P^* \to P^*$ (destructor, partial), all characters of a string but the last one.

Defined by: abl(x.u) = x

• 1st() : First : $P^* \to P$ (derived destructor, partial), first character of a string.

Defined by: 1st(u.x) = u

• rst() : Rest : $P^* \to P^*$ (derived destructor, partial), all characters of a string but the first one.

Defined by: rst(u.x) = x

• $\uparrow$ : "To the power" : $P \times \omega \to P^*$, make a string by Adding the same character a certain number of
times.

Defined by: $u{\uparrow}n = uu..u$ "n times", or formally: $(\, u{\uparrow}0 = \varepsilon \,) \land (\, u{\uparrow}(n+1) = u{\uparrow}n \,.\, u \,)$

• $\downarrow$ : "At index/position" : $P^* \times \omega \to P$, extract a character from a string.

Defined by: Let $n = |x|$, $x = x{\downarrow}1\ x{\downarrow}2 \cdots x{\downarrow}n$. We also use $\downarrow$ with 2 arguments to extract substrings:
$x{\downarrow}_i^j$ denotes the corresponding substring of x if $i \le j \le n$, $\varepsilon$ otherwise, ($x = x{\downarrow}_1^n$). The formal
(recursive) definition is messy and uninteresting.

• $\odot$ : $\odot$ is to "." (add) in string theory, what $\Sigma$ is to "+" and what $\Pi$ is to "$\times$" in number theory,
i.e. $\odot_{i=1}^{n} u_i = u_1 u_2 .. u_n$, where $u_i$ is any character expression.

Formally: $(\, \odot_{i=1}^{0} u_i = \varepsilon \,) \land (\, \odot_{i=1}^{n+1} u_i = (\odot_{i=1}^{n} u_i) \,.\, u_{n+1} \,)$.

We  also  allow  ourselves  to  expand  this  structure  with  additional  (derived)  operations  whenever  needed. 
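
The contrast drawn above between the induced ordering of Definition 2.38 and the prefix relation of Definition 2.42 can be checked mechanically on a finite slice of P*. The following is an added example, not part of the original report; it assumes P is the flat domain {a, b} lifted, encodes the bottom element as Python's None, and all function names are hypothetical.

```python
from itertools import product

BOT = None  # assumed encoding of the extra element of the flat domain (Definition 2.28)


def flat_leq(x, y):
    """Flat-domain order: x is below y iff x is bottom or x equals y."""
    return x is BOT or x == y


def induced_leq(x, y):
    """Induced order on P* (Definition 2.38): only strings of equal length
    are comparable, and they are compared coordinate by coordinate."""
    return len(x) == len(y) and all(flat_leq(a, b) for a, b in zip(x, y))


def prefix_leq(x, y):
    """Prefix relation of Definition 2.42, in the form of Theorem 2.43:
    x is a prefix of y iff y = x.z for some string z."""
    return len(x) <= len(y) and y[:len(x)] == x


def strings_up_to(alphabet, max_len):
    """All strings over `alphabet` of length 0..max_len, as tuples."""
    return [s for n in range(max_len + 1) for s in product(alphabet, repeat=n)]


def least_elements(universe, leq):
    """Elements that lie below every element of `universe` under `leq`."""
    return [b for b in universe if all(leq(b, x) for x in universe)]


def longest_chain(universe, leq):
    """Number of elements in the longest chain of distinct elements."""
    height = {}

    def h(x):
        if x not in height:
            below = [y for y in universe if y != x and leq(y, x)]
            height[x] = 1 + max((h(y) for y in below), default=0)
        return height[x]

    return max(h(x) for x in universe)


# Constructed sample: S = {a, b}, so P = S lifted has three elements.
P = (BOT, "a", "b")
UNIVERSE = strings_up_to(P, 3)  # a finite slice of P*: lengths 0 to 3

if __name__ == "__main__":
    print("least under induced order:", least_elements(UNIVERSE, induced_leq))
    print("least under prefix order: ", least_elements(UNIVERSE, prefix_leq))
    print("flat domain depth:", longest_chain([(p,) for p in P], induced_leq))
    print("depth of the slice:", longest_chain(UNIVERSE, induced_leq))
```

The empty string is incomparable with every non-empty string under the induced ordering, so the absence of a least element already shows up in this slice, while chains stay finite as Theorem 2.40 requires.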

Terminology  notes: 

There are a few basic string operations which are well-known in the literature: [Landin 65], [Burge 75],
[Friedman-Wise 76] and [Manna-Waldinger 85] among many others. However, there are no consistent notations.
We have therefore used our own, which we have tried to keep simple, and meaningful relative to the use we will
have for them (describing synchronous system semantics).

The notation used for subscripting is taken from [Mason 86] and [Talcott 85]. Even though it is "heavier" than
simple subscripting, it allows subscripted string variables by differentiating between $x_i$, $x_j$ (strings) and $x{\downarrow}i$, $x{\downarrow}j$
(characters). [Note: if no confusion can result, i.e. in a context where no subscripted string names are used, then it is
reasonable to omit the arrow.]

Theorem 2.43: Prefix

There is an equivalent definition of the Prefix relation which we will sometimes use: $\forall x, y \in P^*,\ x \le y \Leftrightarrow \exists z \in P^* \mid y = x.z$.

Proof:

Immediate induction.

□ Thm. 2.43

We  now  study  various  function  domains  on  string-CPOs: 

Let $\langle P_1^*, \sqsubseteq_1 \rangle$, $\langle P_2^*, \sqsubseteq_2 \rangle$ be string-CPOs, it is immediate from thm. 2.24 and thm. 2.27 that:

• $(P_2^*)^{P_1^*}$ : all functions from $P_1^*$ to $P_2^*$,

• $[\,P_1^* \to P_2^*\,]$ : all $\sqsubseteq$-monotonic functions from $P_1^*$ to $P_2^*$,

• $(\,P_1^* \to P_2^*\,)$ : all $\sqsubseteq$-continuous functions from $P_1^*$ to $P_2^*$,
are CPOs.


There  are  however  other  classes  of  functions  which  are  meaningful  only  in  the  string  structure,  and  we  are 
interested  in  two  such  classes: 


Definition 2.44: Length-Preserving [LP] function

Let f be a function: $P_1^* \to P_2^*$, f is Length-Preserving [LP] $\Leftrightarrow$ $\forall x \in P_1^*,\ |f(x)| = |x|$

Definition 2.45: $\le$-monotonic function

Let f be a function: $P_1^* \to P_2^*$, f is $\le$-monotonic $\Leftrightarrow$ $\forall x, y \in P_1^*,\ x \le y \Rightarrow f(x) \le f(y)$

Pronunciation note: $\sqsubseteq$-monotonic can be read "L-monotonic" (short for "less-defined-than-monotonic"). And
$\le$-monotonic can be read "P-monotonic" (for "prefix-monotonic").

Theorem 2.46: LP preserved by composition

Let $\langle P_1^*, \sqsubseteq_1 \rangle$, $\langle P_2^*, \sqsubseteq_2 \rangle$ and $\langle P_3^*, \sqsubseteq_3 \rangle$ be string-CPOs. Let $f : P_1^* \to P_2^*$ and $g : P_2^* \to P_3^*$, f and g
are LP $\Rightarrow$ $g \circ f : P_1^* \to P_3^*$ is LP

Proof:

Immediate verification.

□ Thm. 2.46

Theorem 2.47: $\le$-monotonic preserved by composition

Let $\langle P_1^*, \sqsubseteq_1 \rangle$, $\langle P_2^*, \sqsubseteq_2 \rangle$ and $\langle P_3^*, \sqsubseteq_3 \rangle$ be string-CPOs. Let $f : P_1^* \to P_2^*$ and $g : P_2^* \to P_3^*$, f and g
are $\le$-monotonic $\Rightarrow$ $g \circ f : P_1^* \to P_3^*$ is $\le$-monotonic

Proof:

Immediate verification.

□ Thm. 2.47

Both LP and $\le$-monotonic are in some sense "natural" properties for strings of Finite Depth-CPOs, as the
following theorems indicate.

Theorem 2.48: LP is strongly admissible on FD-CPOs

Let $\langle P_1, \sqsubseteq_1 \rangle$, $\langle P_2, \sqsubseteq_2 \rangle$ be FD-CPOs, "f is LP" is strongly admissible on $(P_2^*)^{P_1^*}$.

Proof:

Assume [h1] $\langle P_1, \sqsubseteq_1 \rangle$ and $\langle P_2, \sqsubseteq_2 \rangle$ are FD-CPOs, [h2] $(f_i)_{i \in I}$ non-empty chain of LP functions from $P_1^*$ to $P_2^*$

We have $f = \lambda x.\,\mathrm{lub}(f_i(x))_{i \in I} = \mathrm{lub}(f_i)_{i \in I}$ [[ construction of lub of function-chains ]]

Let $x \in P_1^*$, arbitrary

We have $P_2^*$ FD-CPO [[ h1, and thm. 2.40 ]]

and $(f_i(x))_{i \in I}$ non-empty chain in $P_2^*$ [[ h2 ]]

$\exists i_0 \in \omega \mid \forall i \ge i_0,\ f_i(x) = f_{i_0}(x) = \mathrm{lub}(f_i(x))_{i \in I}$ [[ thm. 2.30 ]]

$f(x) = f_{i_0}(x)$

$|f(x)| = |f_{i_0}(x)|$

and $|f_{i_0}(x)| = |x|$ [[ $f_{i_0}$ LP, h2 ]]

$|f(x)| = |x|$

and this was done for arbitrary x,

f is LP.

□ Thm. 2.48

Theorem 2.49: $\le$-monotonic is strongly admissible on FD-CPOs

Let $\langle P_1, \sqsubseteq_1 \rangle$, $\langle P_2, \sqsubseteq_2 \rangle$ be FD-CPOs, "f is $\le$-monotonic" is strongly admissible on $(P_2^*)^{P_1^*}$.

Proof:

Assume [h1] $\langle P_1, \sqsubseteq_1 \rangle$ and $\langle P_2, \sqsubseteq_2 \rangle$ are FD-CPOs, [h2] $(f_i)_{i \in I}$ non-empty chain of $\le$-monotonic functions from
$P_1^*$ to $P_2^*$

We have $f = \lambda x.\,\mathrm{lub}(f_i(x))_{i \in I} = \mathrm{lub}(f_i)_{i \in I}$ [[ construction of lub of function-chains ]]

Let $x, y \in P_1^* \mid$ [h3] $x \le y$,

We have $P_2^*$ FD-CPO [[ h1, and thm. 2.40 ]]

and $(f_i(x))_{i \in I}$, $(f_i(y))_{i \in I}$ non-empty chains in $P_2^*$ [[ h2 ]]

$\exists i_0 \in \omega \mid \forall i \ge i_0,\ f_i(x) = f_{i_0}(x) = \mathrm{lub}(f_i(x))_{i \in I}$ [[ thm. 2.30 ]]

and $\exists i_1 \in \omega \mid \forall i \ge i_1,\ f_i(y) = f_{i_1}(y) = \mathrm{lub}(f_i(y))_{i \in I}$ [[ thm. 2.30 ]]

Let $j = \max(i_0, i_1)$

We have $f(x) = f_j(x)$ and $f(y) = f_j(y)$

and $f_j(x) \le f_j(y)$ [[ h3, $f_j$ $\le$-monotonic, h2 ]]

$f(x) \le f(y)$

f is $\le$-monotonic

□ Thm. 2.49

It is also obvious that if $\Phi_1$ is strongly admissible on P, and $\Phi_2$ is strongly admissible on P, then $\Phi_1 \land \Phi_2$ is
strongly admissible on P.


Therefore  we  get: 


Theorem 2.50: Function domains on Strings of FD-CPOs

Let $\langle P_1, \sqsubseteq_1 \rangle$, $\langle P_2, \sqsubseteq_2 \rangle$ be FD-CPOs, $(P_2^*)^{P_1^*} \cap \Phi$ where $\Phi$ is any conjunction of

• $\sqsubseteq$-monotonic

• LP

• $\le$-monotonic

is a CPO, in which the lub of function-chains is unchanged.

Proof:

Immediate by thm. 2.22 (sub-CPOs) and thm. 2.27 (for $\sqsubseteq$-monotonic), thm. 2.48 (for LP), and thm. 2.49 (for
$\le$-monotonic).

□ Thm. 2.50

When  trying  to  extend  the  notion  of  Length-Preservation  to  functions  of  arity  >  1  ,  we  find  that  the  standard 
cartesian  product  of  string  domains  is  inappropriate.  Instead  it  makes  sense  to  define  LP  on  functions  with 
arguments  all  of  the  same  length.  We  therefore  define  the  following  product  on  string  domains: 

Definition 2.51: String Cartesian Product

Let $\langle P_1^*, \sqsubseteq_1 \rangle$, $\langle P_2^*, \sqsubseteq_2 \rangle$ be string-CPOs, we define their string cartesian product to be: $P_1^* \,\underline{\times}\, P_2^* = \{ (x, y) \in P_1^* \times P_2^* \mid |x| = |y| \}$, with the standard (induced) coordinate-wise ordering.

One way to think about this product is: $P_1^* \,\underline{\times}\, P_2^* \cong (P_1 \times P_2)^*$, up to transformations from tuples of strings
to strings of tuples and vice-versa. Also, our definition is meaningful in the category of string-domains, as it
does not refer to the domains underlying the strings.

Notation: $P^{*\underline{n}} = P^* \,\underline{\times}\, .. \,\underline{\times}\, P^*$, n times. And if x denotes an element of $P^*$, then $\underline{x}$ will denote an element of $P^{*\underline{n}}$;
the underline, instead of the usual overline, is intended to recall that $\underline{x}$ is a tuple of elements of equal length.

We can then immediately generalize the notions of Length-Preservation, $\le$-monotonicity and $\sqsubseteq$-monotonicity to
functions: $P_1^* \,\underline{\times}\, ... \,\underline{\times}\, P_n^* \to P_0^*$. Thm. 2.50 also immediately generalizes to such functions.

For our purposes in giving semantics to synchronous circuits, we are interested in functions (of various arities) on
$P^*$ which are $\sqsubseteq$-monotonic, $\le$-monotonic and Length-Preserving and defined by recursive systems of continuous
functionals on them. We therefore develop here the String Induction Algebra of a domain P:

Definition 2.52: $\mathrm{MLP}_{P,n}$

Let $\langle P, \sqsubseteq \rangle$ be a FD-CPO. $\mathrm{MLP}_{P,n}$ is the subset of the set of functions from $P^{*\underline{n}}$ to $P^*$ defined by: $\mathrm{MLP}_{P,n} = (P^*)^{P^{*\underline{n}}} \cap (\sqsubseteq\text{-monotonic} \land \le\text{-monotonic} \land \text{Length-Preserving})$, together with the standard (induced)
pointwise function ordering.

It is an immediate application of Thm. 2.50 that $\mathrm{MLP}_{P,n}$ is a CPO, and is a "nice" sub-cpo of the set of monotonic
functions. However, by combining all 3 properties, we now get an additional property: Even if P has a least
element, $(P^*)^{P^{*\underline{n}}}$ does not have a least element (because no string is less than all others according to the pointwise
ordering). However, if P has a least element, then so does $\mathrm{MLP}_{P,n}$, as is shown below.


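Theorem 2.53: $\mathrm{MLP}_{P,n}$ is a PCPO

Let $\langle P, \sqsubseteq \rangle$ be a FD-PCPO. $\mathrm{MLP}_{P,n}$ is a PCPO with least element: $\Omega = \lambda \underline{x}.\,\bot{\uparrow}|\underline{x}|$, and is a sub-cpo of the
set of monotonic functions: $[\,P^{*\underline{n}} \to P^*\,]$, in which the lub of function-chains is unchanged.

Proof:

Let $F \in \mathrm{MLP}_{P,n}$, $\underline{x} \in P^{*\underline{n}}$ arbitrary, let $k = |\underline{x}|$

We have $F(\underline{x}) = y{\downarrow}_1^k$ [[ F is LP ]]

and $\Omega(\underline{x}) = \bot{\uparrow}k$ [[ definition of $\Omega$ ]]

$\forall i \in \{1..k\},\ \bot \sqsubseteq y{\downarrow}i$ [[ definition of $\bot$! ]]

$\forall i \in \{1..k\},\ \Omega(\underline{x}){\downarrow}i \sqsubseteq F(\underline{x}){\downarrow}i$

$\Omega(\underline{x}) \sqsubseteq F(\underline{x})$ [[ definition of order on strings ]]

and this was done for arbitrary $\underline{x}$ and F,

$\Omega$ is least element.

□ Thm. 2.53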


We  can  now  construct  our  string  induction  algebra: 


Theorem 2.54: $\mathrm{MLP}_P$ Continuous String Induction Algebra

Let $\langle P, \sqsubseteq \rangle$ be a FD-PCPO, and let $(F_i)_{i \in I}$ be functions in $\mathrm{MLP}_{P,n}$.

Let $\mathrm{MLP}_P = \langle\, (\mathrm{MLP}_{P,n})_{n \in \omega},\ \mathcal{F}[(F_i)_{i \in I}] \,\rangle$ where $\mathcal{F}[(F_i)_{i \in I}]$ is the least set of functionals containing:

• the functionals $F_{i\circ} = \lambda f.\,F_i \circ f$, for $i \in I$. (Or $\lambda f_1,..,f_n.\,(\lambda \underline{x}.\,F_i(f_1(\underline{x}),..,f_n(\underline{x})))$ in the general case.)

• the identity functionals,

and closed under composition with projections, then:

$\mathrm{MLP}_P$ is an induction algebra (cf. def. 2.15) and all functionals in $\mathcal{F}$ are continuous.

Proof:

Domain requirement:

We have $\forall n \in \omega$, $\mathrm{MLP}_{P,n}$ is a PCPO. [[ thm. 2.53 ]]

□ domain req.

We still have to prove that all the functionals in $\mathcal{F}$ are closed (i.e. really yield a function in $\mathrm{MLP}_{P,n}$ for some n) and
are continuous.

Closed:

We have $\forall i \in I,\ F_i \in \mathrm{MLP}_{P,n}$. [[ hypothesis ]]

and $\sqsubseteq$-monotonicity, $\le$-monotonicity and LP are preserved by composition [[ thm. 2.10, thm. 2.47 and thm. 2.46 ]]

$\forall i \in I$, $F_{i\circ}$ is closed.

and the identities and projections are closed [[ immediate ]]

their compositions are closed.

□ closed

Continuous: (this is where we use our generalization of [Manna 74] Thm 5.1: thm. 2.37)

We have P is a FD-PCPO [[ hypothesis ]]

and $\mathrm{MLP}_{P,n}$ sub-cpo of $[\,P^{*\underline{n}} \to P^*\,]$ [[ thm. 2.53 ]]

and $\forall i \in I$, $F_i$ $\sqsubseteq$-monotonic [[ $F_i \in \mathrm{MLP}_{P,n}$ ]]

and $\forall i \in I$, $F_{i\circ}$ closed [[ above ]]

$\forall i \in I$, $F_{i\circ}$ continuous! [[ thm. 2.37 ]]

and the identities and projections are continuous [[ immediate ]]

their compositions are continuous. [[ thm. 2.11 ]]

3. Semantics of Synchronous Circuits

3.1. Informal view

The key to our work is to understand what a synchronous circuit is, as a mathematical object. The goal of this
section is to guide you through the evolution of thoughts which led to the final product, and informally convince you
of its appropriateness.

The final product itself is described in exacting precision in the rest of this chapter. In this first section, we have
tried to maximize simplicity, and minimize the use of mathematics... We are also assuming no prior knowledge of
history-functional semantics such as [Kahn 74], [Johnson 84] and [Kloos 87]. More advanced readers should bear
with me, or simply skip this informal section.


3.1.1.  First  basic  intuition  (circuit  as  a  black  box) 

Consider  as  a  start  a  combinational  circuit,  i.e.  a  circuit  with  no  memory  (no  registers  and  no  feedback  loops). 
Assume  that  the  values  which  can  appear  on  the  wire  are  binary  digits  (True  and  False),  then  we  can  identify  the 
circuit  with  a  boolean  function.  This  is  commonly  done  in  all  circuit  design  textbooks.  In  fact  we  can  easily  move 
from  binary  digits  to  natural  numbers  for  example,  and  identify  more  general  combinational  circuits  with  functions 
on  these  numbers. 

Abstracting slightly, consider that the values on the wires belong to an arbitrary set: $\Sigma$; we can identify a
combinational circuit with a function from $\Sigma$ to $\Sigma$.

Once  we  introduce  memory  (or  state)  in  the  forms  of  feedback  loops,  or  registers,  things  are  not  so  simple.  For 
example,  consider  a  running  sum  sequential  circuit  (which  accumulates  the  sum  of  all  the  inputs  it  has  seen).  It  is 
pictured  below,  with  the  square  representing  a  register  (initialized  with  0)  and  the  circle  representing  an  adder. 

Figure  3-1:  Running  Sum  Circuit 


For this example, we have $\Sigma$ = the set of natural numbers. Assume the first number we present is 3; the output is
3. The next number we present is 5, the output is now 8. The next number we present is 5 again, the output is now
13. Clearly, we can no longer identify this circuit as a function on the natural numbers, since it produced a different
answer on the same input number.

The solution to this problem is to consider the sequence of all inputs, and the sequence of outputs; in our case:
3.5.5 $\to$ 3.8.13. If we ever replay the same sequence of inputs (from the start) then we will get the same sequence
of outputs.

In other words, a sequential circuit can be identified with a function from sequences of values in $\Sigma$ to sequences of
values in $\Sigma$. These sequences being finite, we refer to them as "strings", and the set of strings on $\Sigma$ is called: $\Sigma^*$.

Note that a combinational circuit identified with a function $f: \Sigma \to \Sigma$ can be identified in this context as the
"memory-less" function: $f^*$ which to the input: a.b.c assigns the output: f(a).f(b).f(c). (In comparison, the
function which corresponds to our register: $R_0$, assigns: 0.a.b to the input string: a.b.c).

Therefore our conclusion at this point is that any synchronous circuit can be identified with a function from $\Sigma^*$ to
$\Sigma^*$ which we will call a string-function.

However,  the  string-functions  associated  with  synchronous  circuits  have  two  additional  (and  fundamental) 
properties: 

•  Length-Preserving:  the  length  of  their  output  string  is  always  equal  to  the  length  of  their  input  string. 

This  is  immediate  since  we  find  out  what  our  string-function  is  by  looking  at  all  the  wires  at  the  end  of 
each  clock  period  say,  and  tacking  these  new  values  onto  the  history  of  previous  ones  for  each  wire. 

• Monotonic: assume that on the input string x, the circuit returned the output string y. Now, assume that
we add one more value u to x, making it the string: xu, then the new output string will already start
with y, and the circuit will tack on a new value v to y, making the output: yv. The circuit can not "go
back in time", change some of the results it had output on input x, and produce a string which does not
start with y. This property is exactly monotonicity with respect to the prefix relation: $\leq$ on strings.

So, the essence of our semantics is: a synchronous circuit can be identified with a $\leq$-Monotonic, Length-Preserving
string-function.

Abbreviation: we temporarily define MLP = "$\leq$-Monotonic and Length-Preserving".

There  are  two  technicalities  we  have  ignored  so  far,  and  which  we  mention  for  completeness  here: 

• If the circuit has many input lines, then the corresponding string-function takes as argument a tuple of
strings, all of the same length (for the same reason which led us to the conclusion that the string-function
was length-preserving).

•  If  the  circuit  has  many  output  lines,  then  each  output  line  is  identified  with  an  MLP  string-function,  and 
the  circuit  as  a  whole  is  identified  with  a  tuple  of  such  functions. 
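
The two properties can be tested mechanically on small inputs. The Python sketch below is an added example, not part of the original text: it checks length preservation and prefix monotonicity exhaustively on short strings, for the running sum circuit, a register and a memory-less function, and for two constructed functions that violate one property each. All names, the three-letter alphabet and the bound on string length are assumptions of this example.

```python
from itertools import product

def star(f):
    """f*: the memory-less string-function, f applied position by position."""
    return lambda x: tuple(f(u) for u in x)

def register(a):
    """R_a: a.b.c -> a0.a.b, i.e. the initial value, then the input delayed by one."""
    return lambda x: ((a,) + tuple(x))[:len(x)]

def running_sum(x):
    """The circuit of Figure 3-1 seen as a black box on whole input histories."""
    out, acc = [], 0
    for u in x:
        acc += u
        out.append(acc)
    return tuple(out)

def strings(alphabet, max_len):
    """All strings over the alphabet, shortest first."""
    for n in range(max_len + 1):
        yield from product(alphabet, repeat=n)

def mlp_violation(F, alphabet=(0, 1, 2), max_len=4):
    """Return the first counterexample to length preservation or prefix
    monotonicity found on short strings, or None if there is none."""
    for x in strings(alphabet, max_len):
        y = F(x)
        if len(y) != len(x):
            return ("length", x, y)
        # One-step extensions suffice: the prefix order is generated by them.
        for u in alphabet:
            yv = F(x + (u,))
            if yv[:len(y)] != y:
                return ("prefix", x + (u,), yv)
    return None

# Constructed non-examples (assumptions of this sketch, not from the text):
rewrite_history = lambda x: (sum(x),) * len(x)      # changes outputs already produced
drop_zeros = lambda x: tuple(u for u in x if u)     # emits fewer values than it reads

if __name__ == "__main__":
    candidates = {
        "running sum": running_sum,
        "R_0": register(0),
        "square*": star(lambda u: u * u),
        "rewrite_history": rewrite_history,
        "drop_zeros": drop_zeros,
    }
    for name, F in candidates.items():
        print(f"{name:16} {mlp_violation(F)}")
```
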

3.1.2.  Second  basic  intuition  (circuit  as  a  system/network) 

We  now  take  a  look  at  how  our  circuits  are  built.  As  far  as  we  are  concerned  here,  synchronous  circuits  are  made 
from  two  kinds  of  elements. 

• Combinational elements: elements which do not have memory, or state, and which we have associated
above with $f^*$ string-functions.

• Registers / clocked storage elements: elements which hold values for one clock period (after which they
latch in the input presented to them), and which we have associated above with the $R_a$ string-function.
(The parameter, a, is the initial value of the register; in the example above it was 0.)

Note  that  we  use  the  word  "register"  in  a  very  narrow  sense,  which  is  common  in  the  formal  hardware  specification 
literature  [Leiserson-Saxe  83],  [Johnson  84]  and  [Hunt  85]. 

Circuits  are  then  built  by  connecting  inputs  and  outputs  of  the  above  components  in  an  almost  arbitrary  manner. 

We say "almost" because for a synchronous circuit, every loop in the connection graph should contain at least one
register. Otherwise, we get problems of asynchronous latching, oscillations, etc., i.e. not a correct synchronous
circuit: see [Mano 76] and [Mead-Conway 80] for more details. For our semantics, this restriction: "Every-Loop-is-Clocked"
[ELC] is not necessary (and we will come back to it in section 3.4), but at this point it is easier to keep
thinking in terms of such "good" circuits.

The  question  is,  how  do  we  give  meaning  (i.e.  semantics)  to  the  network,  knowing  what  the  individual  elements 
stand  for? 

If  for  each  element  in  the  circuit  we  write  an  equation  relating  the  output  to  the  input(s),  then  we  obtain  a  new 
view  of  our  circuit  as  a  system  of  equations.  If  there  are  loops  in  the  circuit,  then  the  system  will  be  recursive. 

There  is  a  standard  way  in  semantics  to  give  meaning  to  a  recursive  definition,  and  that  is  to  consider  it  as  an 
equation  in  a  certain  (appropriate)  domain,  and  take  a  certain  (appropriate)  solution  of  this  equation  as  the  object 
being  defined  by  the  recursive  definition. 

This  is  exactly  what  we  shall  do! 

Our domain is basically the set of strings on $\Sigma$, and the MLP functions on it. Each node is already identified with a
certain MLP function ($f^*$ or $R_a$). A circuit, or system of equations, will be identified with some MLP function
which solves that system.

A technicality which we have ignored so far, is that the "appropriate" domains we have mentioned above are
ordered domains, i.e. there is a notion of an object being "less-defined-than" another. This relation will be denoted
by: $\sqsubseteq$. In our case this notion of $\sqsubseteq$ is very simple: We add to $\Sigma$ one element: ?, which should be read as
"unknown". In the $\sqsubseteq$ order, ? is $\sqsubseteq$ all elements of $\Sigma$, and that's it. The new set is called: $\Sigma_?$. We then simply
extend this order relation to strings (by comparing them one position at a time), and to functions on these strings
(also by comparing them point by point). One basic concept of computability in these domains is that the
computable functions respect the $\sqsubseteq$ order, i.e. are $\sqsubseteq$-Monotonic.

Pronunciation note. "$\sqsubseteq$-monotonic" can be read "L-monotonic" (short for "less-defined-than-monotonic"); and
"$\leq$-monotonic" can be read "P-monotonic" (for "prefix-monotonic").

We also define the following (permanent) abbreviations to ease everybody's job:

Monotonic = "$\sqsubseteq$-monotonic and $\leq$-monotonic"; and
MLP = "Monotonic and Length-Preserving".

So,  in  conclusion,  a  synchronous  circuit  will  be  identified  with  an  MLP  string-function,  or  a  tuple  of  such 
functions  if  there  are  many  output  lines. 

3.1.3.  Extensional  versus  Intensional  view  of  the  world 

There  is  one  last  subtlety  which  comes  into  play  in  our  semantics  of  synchronous  circuits:  so  far  we  have  always 
said  "a  circuit  is  identified  with  a  certain  function".  What  we  have  really  argued  however  is  that  "a  circuit  computes 
a  certain  function". 

So  in  other  words,  we  have  associated  a  circuit  with  what  it  computes  (a  certain  function).  In  doing  so,  we  have 
abstracted  away  all  information  about  how  it  computes  that  function.  What  we  have  done  is  to  define  an  extensional 
semantics  of  synchronous  circuits. 

In order to retain more information in our theory, we actually define an intensional semantics which identifies a
circuit with the functional defined by the system of equations, rather than simply its solution. We can still recover
the extensional semantics simply by taking the least fixed point of that functional, and so we end up defining both
the intensional and extensional semantics.

This  concludes  the  vague  view  of  things.  The  remaining  sections  of  this  chapter,  together  with  the  mathematical 
preliminaries  of  chapter  2,  are  intended  to  dot  all  the  i’s. 

3.2.  Formal  Syntax 

Formally, we have one basic syntactic object: "Synchronous System Description" or "SYSD". These are
essentially recursive systems of equations, together with a list of which defined functions are the designated output.
They correspond very closely to engineers' "net lists". We will define a set of such syntactic objects, i.e. a
language: $L_{SD}$.

Note  that  syntactic  entities  will  be  written  in  this  font. 

Definition 3.1: $L_{SD}$

• $L_{char}$ = countable alphabet with elements denoted by a, a1, a2 ...

• $L_{char\text{-}fun}$ = countable ranked alphabet (elements have arity) with elements denoted by f, f1, f2 ...

• $L_{string\text{-}fun}$ = $\{ R_a \mid a \in L_{char} \} \cup \{ f^* \mid f \in L_{char\text{-}fun} \}$ with elements denoted by F, F1, F2 ...

• $L_{input\text{-}line\text{-}var}$ = countable alphabet with elements denoted by x, x1, x2 ...

• $L_{non\text{-}input\text{-}line\text{-}var}$ = countable alphabet with elements denoted by Y, Y1, Y2 ... Z, Z1, Z2 ...

• $L_{SD}$ = { (in, sys, out) |

in = tuple of input-line-vars: $(x_1, .., x_m)$, also denoted as x for short.

sys = system of equations: $Y_i(x) \leftarrow F_i(.., E_j, ..)$, $j \in \{1..\text{arity of } F_i\}$, for $i \in \{1..n\}$,

with $F_i \in L_{string\text{-}fun}$ and $E_j$ = some input or non-input expression $Y_k(x)$.

out is a tuple of non-input-line-vars among $Y_1, .., Y_n$. }

Elements of $L_{SD}$ are denoted by S, S1, S2 ...

As syntactic sugar, we will sometimes omit the input variables $(x_1, .., x_k)$ or x as arguments for the $Y_i$'s in the
system, so that Y5 <- f*(Y3,Y1,x<) will be a legal equation. Note that in this sugared form, our syntax is
almost identical to the one used in [Kloos 87] in its "applicative" form. Our reason for not using the sugared form as
the primary syntax is that we can view our syntactic objects as restricted expressions in a more general string
expression language, and under that angle, we want our expressions to be well-typed.

One weakness of $L_{SD}$ as defined is that it is "flat". It does not allow user-defined string-functions (sub-systems).
We did this because treating such objects formally brings semantic complications which are orthogonal to the
problem at hand: semantics of synchronous concurrent systems. Informally, we treat them as follows:

•  Non-recursive  string-function  definitions,  i.e.  macros,  are  simply  expanded  out. 

• Recursive string-function definitions are disallowed. They correspond to non-directly implementable
specifications; they are studied in [Johnson 84]. Alternatively they define networks which reconfigure
themselves (expand and contract) during execution; see [Glasgow-MacEwen 87] for this view in the
context of operator nets.

$L_{SD}$ is a fine language for mathematical and computer treatment. For human interaction however, a graphical
language is more appropriate. We will therefore define a second language: $L_{SDGraph}$, of sysd's in graphical form.
$L_{SDGraph}$ is isomorphic to $L_{SD}$, and we will give a (trivial) translation function.

Definition 3.2: $L_{SDGraph}$

A sysd is a multi-graph (V,E), where vertices are of 2 types:

• VCombinational: represented with a circle, and a char-function letter per out-edge. They have n
in-degree, and m out-degree, with $n, m \geq 1$.

• VRegister: represented with a square, and a character letter. They have in-degree 2, and out-degree 1.

and where edges have at most 1 From-node, and at least a From-node or a To-node (and usually both). Edges
with no From-node are called "Input edges". Some non-input edges are designated as "Output edges".

At  this  point,  an  example  should  help: 

Figure 3-2: Example: Running Sum/Avg Sysd

Or in sugared $L_{SD}$:

In the future, and as commonly done in synchronous circuit design, we will often omit the 2nd input of Registers
(the clock input: xck) from graphical or sugared sysd's.

Note: As they stand, elements of $L_{SDGraph}$ are not "classical" mathematical graphs, since an edge here is not just a
pair of vertices, but instead, a pair: (0 or 1 vertex, 0 or 1 or many vertices). We could reduce these objects to
standard graphs simply by introducing additional ("duplicate") vertices, but there is no point in doing so, since we
only intend $L_{SDGraph}$ as a front-end (auxiliary) language, and not as a tool for meta-proofs.


Definition 3.3: Translation: $L_{SDGraph} \to L_{SD}$

Let the input edges be: $x_1, .., x_m$, and the non-input edges be: $Y_1, .., Y_n$. Define:
in = tuple of input edges,
sys =

• For each node in VCombinational, for each out-going edge (out-edge: $Y_i$, char-function letter $f_i$) add
the equation: $Y_i \leftarrow f_i^*(.., E_j, ..)$, where $.., E_j, ..$ are the incoming edges (either $x_j$'s or $Y_k$'s).

• For each node in VRegister (out-edge: $Y_i$, character letter: a), add the equation: $Y_i \leftarrow R_a(E_1, E_2)$,
where $E_1$ and $E_2$ are the incoming edges.

out = tuple of designated output edges.

3.3.  Denotational  Semantics 

The mathematical foundation of our denotational semantics is a String Induction Algebra, of string-functions, and
string-functionals. A sysd will be (compositionally) mapped, by $[\![\ ]\!]$, into a string-functional, or more precisely, a
system of functionals. This is in the spirit of [Talcott 85] and [Moschovakis 83], and preserves intensional
information about the sysd - how it computes - as well as its extensional denotation - what it computes.

Since however, for many of our purposes, we are interested in the extensional denotation of the system, we also
define an extensional denotation function, p, which maps a sysd into the tuple of string-functions which it computes,
and which is the least fixed point of the system of functionals.

Construction  of  the  String  Induction  Algebra: 

We have a countable alphabet: $\Sigma$, elements of which are denoted by: $a, b, c, a_1, b_1, c_1, ...$ for constants, and $u, v,
u_1, v_1, ...$ for variables. Now we lift the alphabet $\Sigma$, with least element ?, to $\Sigma_?$, and get the corresponding $\sqsubseteq$ (flat)
order, and we take strings of $\Sigma_?$: $\Sigma_?^*$, with the induced $\sqsubseteq$ order. Elements of $\Sigma_?^*$ are denoted by: x, y, z, ... for
variables, and $\varepsilon$: the empty string, as the only constant.

For reasons explained in 3.1, we are interested in functions on $\Sigma_?^*$ which are $\sqsubseteq$-monotonic, $\leq$-monotonic and
Length-Preserving, and which we can define recursively from the following functions:

Definition  3.4:  Primitive  string-functions 

• $R_a : (\Sigma_?^*)^2 \to \Sigma_?^*$ defined by: $R_a(\varepsilon, \varepsilon) = \varepsilon \ \wedge\ R_a(x.u,\ xck.v) = a.x$, for $a \in \Sigma$. We call $R_a$ a "register"
string-function.

• $f^* : (\Sigma_?^*)^n \to \Sigma_?^*$ defined by: $f^*(\varepsilon, .., \varepsilon) = \varepsilon \ \wedge\ f^*(x_1.u_1, .., x_n.u_n) = f^*(x_1, .., x_n)\ .\ f(u_1, .., u_n)$, for
$f \in [\Sigma_?^n \to \Sigma_?]$. We call $f^*$ a "combinational" string-function. It is simply the homomorphic extension of
a $\sqsubseteq$-monotonic function on $\Sigma_?$ to strings (of equal length).

Note about Registers: informally, we had treated $R_a$ as a unary function. Formally, we've defined it as a binary
function, which ignores its 2nd argument! This is only a semantic subtlety; the reason for it is clear when you
consider what happens if you fuse the output of a register with its "main" input. The result of this operation is a
perfectly meaningful synchronous circuit, which keeps outputting the same character, at every clock tick! In other
words, the 2nd argument (the clock) is not entirely ignored. It's just that all its information (its length) is also given
by the main input, as long as it exists. Whenever the clock input remains the sole input to the circuit, then it
becomes semantically significant.

Theorem 3.5: $R_a$ and $f^*$ are MLP

(Recall that MLP = "$\sqsubseteq$-monotonic and $\leq$-monotonic and Length-Preserving".)

Proof: 

Immediate  verification. 
Therefore we can now instantiate the main results of chapter 2 and get the keystone of our denotational
semantics: the string induction algebra.

Theorem 3.6: $MLP_\Sigma$: Continuous Induction Algebra

The MLP functions on $\Sigma_?^*$, and functionals defined from $R_a$'s and $f^*$'s, form a continuous induction algebra,
which we call: $MLP_\Sigma$.

Proof:

We have $\Sigma_?$ is a flat CPO                 [[ by construction ]]

$\Sigma_?$ is a FD-CPO                           [[ thm. 2.31 ]]

and $\Sigma_?$ has a least element               [[ by construction ]]

$\Sigma_?$ is a FD-PCPO

The result is now an immediate instantiation of thm. 3.5 and thm. 2.54 where we have slightly abused the
terminology in exchange for simplicity...

∎ Thm. 3.6

We  can  now  define  our  (intensional)  denotational  semantics: 

Definition 3.7: Intensional Denotational Semantics: $[\![\ ]\!]$

Let $S \in L_{SD}$, S = (in, sys, out) with non-input lines $Y_i$, $i \in \{1..n\}$, and input lines $x_j$, $j \in \{1..m\}$:

• $L_{SD}$: $[\![ S ]\!]$ = (in, $[\![ sys ]\!]$, out); $[\![ sys ]\!]$ will be called $\tau_S$. $\tau_S = (\tau_1, .., \tau_n)$ where

$\tau_i = \lambda (Y_1, .., Y_n).[\lambda (x).\ [\![ F_i ]\!] (.., E_j, ..)]$ for equation: $Y_i(x) \leftarrow F_i(.., E_j, ..)$

• $L_{string\text{-}fun}$: $[\![ R_a ]\!] = R_{[\![ a ]\!]}$ and $[\![ f^* ]\!] = [\![ f ]\!]^*$.

• $L_{char\text{-}fun}$: $[\![ f ]\!]$ = some operation on $\Sigma$ naturally extended to $\Sigma_?$.

• $L_{char}$: $[\![ a ]\!]$ = some character in $\Sigma$.

Formally, our semantics is parametrized by an algebra $\Sigma$ with some fixed set of constants and operations.

And  the  (derived)  extensional  semantics: 

Definition 3.8: Extensional Denotational Semantics: p

Let $S \in L_{SD}$, S = (in, sys, out) and $[\![ sys ]\!] = \tau_S = (\tau_1, .., \tau_n)$. We define the extensional semantics of S as
the least fixed point of its intensional semantics, i.e. a tuple of string-functions, from which we keep only the
selected output lines: $p(S) = LFP(\tau_1, .., \tau_n)_{out}$.

To justify this definition: we have $MLP_\Sigma$ is a continuous induction algebra (thm. 3.6) therefore (thm. 2.16), the
system $(\tau_i)_{i \in \{1..n\}}$ has a Least Fixed Point in $MLP_\Sigma$: $lub[(\tau_1, .., \tau_n)^j(\Omega, .., \Omega)]_{j \in \omega}$. (Recall that $\Omega = \lambda x.\ ?^{|x|}$.)

Just  to  add  a  touch  of  concreteness  to  these  definitions,  we  continue  with  the  example  presented  in  section  3.2,  in 
figure  3-2. 

Assuming we've selected the lines: $Y_{running\_sum}$ and $Y_{running\_avg}$, then its extensional semantics is a pair of
string-functions (where the characters are numbers):

$(\ \lambda x\ xck\ .\ \bigodot_{i=1}^{|x|} \sum_{j=1}^{i} x_j\ ,\ \ \lambda x\ xck\ .\ \bigodot_{i=1}^{|x|} ((\sum_{j=1}^{i} x_j)\ /\ i)\ )$.

Its  intensional  semantics  is  the  system  of  functionals  which  would  be  described  exactly  like  the  sysd  in  recursive 
form  (except  for  the  font). 


3.4. Mathematical characterization of "Every-Loop-is-Clocked"

It is one of the most basic facts of synchronous circuit design that some "building rule" has to be observed: every
loop in the circuit should contain a clocked storage element, or more tersely: Every Loop is Clocked [ELC]. Our
semantics gives a meaning (assigns string-functions) to all circuits, including those with "illegal" connections.
Intuitively however, there is a distinction between "good" synchronous circuits and others.

The  goal  of  this  section  is  to  formalize  this  intuition,  i.e.  find  a  mathematical  property  enjoyed  by  the  "legal" 
circuits,  and  prove  that  the  extensional  semantics  of  ELC  sysds  have  that  property. 

In  order  to  carry  this  out  precisely,  we  need  to  define  several  simple  concepts  about  synchronous  circuits: 

Definition  3.9:  Predecessor 

Let S be a sysd, with non-input lines: $Y_i$, $i \in \{1..n\}$. $Y_k$ is a predecessor of $Y_i$ $\Leftrightarrow$ $Y_i \leftarrow F_i(..., Y_k, ...)$,
i.e. $Y_k$ appears as one of the arguments for $Y_i$.

Definition 3.10: Path

Let S be a sysd. A path is a sequence $P = (Z_1, .., Z_p)$ such that the $Z_j$'s are non-input lines in S and $Z_j$ is a
predecessor of $Z_{j+1}$, $\forall j \in \{1..p-1\}$.

We denote the set of Paths of a sysd S by: Paths(S).

Definition 3.11: Loop

Let $P = (Z_1, .., Z_p) \in Paths(S)$, $Loop(P) \Leftrightarrow Z_p = Z_1$.

Definition 3.12: Register-line, Combinational-line

Let S be a sysd, with non-input lines: $Y_i$, and equations: $Y_i \leftarrow F_i(...)$, $i \in \{1..n\}$,

• $Y_i$ is a Register-line $\Leftrightarrow$ $F_i = R_a$, for some a.

• $Y_i$ is a Combinational-line $\Leftrightarrow$ $F_i = f^*$, for some f.

Definition 3.13: Path is Clocked

Let $P = (Z_1, .., Z_p) \in Paths(S)$, $Clocked(P) \Leftrightarrow \exists j \in \{1..p\} \mid Z_j$ is a Register-line.

Note the set of all non-clocked paths is the set of all combinational paths through the sysd. It could be totally
ordered by appropriately defined weights (delays) on combinational nodes. Its max weight element would then be
the "critical path".

Definition 3.14: Every-Loop-is-Clocked [ELC]

Let S be a sysd. $ELC(S) \Leftrightarrow \forall P \in Paths(S),\ Loop(P) \Rightarrow Clocked(P)$.

The  fact  which  is  informally  known  in  the  engineering  community,  but  which  I  have  never  seen  formally 
mentioned  in  any  form  in  the  "theoretical"  literature  is  then: 

Theorem 3.15: ELC $\Rightarrow$ Total on $\Sigma^*$

Let S be a sysd, $ELC(S) \Rightarrow p(S)$ is total on $\Sigma^*$.

And more generally: $ELC(S) \Rightarrow LFP(\tau_S)$ is total on $\Sigma^*$, i.e. the result applies to all the lines of the circuit,
not just the ones selected for output.

Important note: all functions we've dealt with so far were "total" functions, but on $\Sigma_?^*$. The additional property
of being total on $\Sigma^*$ means that if the input is in $\Sigma^*$ (i.e. has no ? in it) then so is the output. This is not enjoyed in
general by arbitrary functions on $\Sigma_?^*$.


The proof rests on two observations about iterations of Kleene's algorithm in $MLP_\Sigma$. "Kleene's algorithm" is
simply the constructive method used to reach the Least Fixed Point of a continuous functional in Kleene's theorem
(thm. 2.14), as the least upper bound of a chain built by iterating the functional starting with the least element of the
PCPO.

Informally the proof goes as follows. On any sysd, for an input $\in \Sigma^*$ (i.e. with no ? in it):

• At each Kleene iteration (applied to the input), all values (on all lines) have a particular shape: some
"real" (non-?) characters, followed by some ?'s, and each iteration "pushes" the ?'s a little further to the
right (or leaves the value unchanged).

• If the algorithm stabilizes with some line still having ?'s in it, then we can "climb back" from that line
and extract a loop of combinational-lines (i.e. a non-clocked loop).

More  precisely: 

Definition  3.16:  K-view 

Let S = (in, sys, out) be an arbitrary sysd, x an arbitrary input. Let $\tau_S = [\![ sys ]\!] = (\tau_1, .., \tau_n)$.

Define $K^j = (\tau_1, .., \tau_n)^j(\Omega, .., \Omega)(x) = (K^j_1, .., K^j_n)$. Figuratively, $K^j$ is the "view" of the values on all the lines of S,
after the j'th iteration of Kleene's algorithm. For example, $K^0 = (?^{|x|}, .., ?^{|x|})$.

The  first  observation  is  expressed  in  the  following  lemma: 

Theorem  3.17:  K-view  shape 

Let $S \in L_{SD}$, with non-input lines $Y_i$, $i \in \{1..n\}$ and m input lines. Let $x \in (\Sigma^*)^m$, $\forall j \in \omega$, $\forall i \in \{1..n\}$,

$\exists p_{j,i} \in \{0..|x|\} \mid K^j_i = c_{j,i}\ .\ ?^{|x| - p_{j,i}}$ with $c_{j,i} \in \Sigma^*$, i.e. informally: $K^j_i$ = c..c.??..? with c's $\neq$ ?
($p_{j,i}$ c's, followed by $|x| - p_{j,i}$ ?'s).

Proof:

Assume [h1] $x \in (\Sigma^*)^m$. We induct on j (i.e. on Kleene iterations) with predicate:

$\forall i \in \{1..n\},\ \exists p_{j,i} \in \{0..|x|\} \mid K^j_i = c_{j,i}\ .\ ?^{|x| - p_{j,i}}$

Base case: immediate                                        [[ take $p_{0,i} = 0$, $\forall i$ ]]

∎ base case

Induction step: (assume ok for j). Let i arbitrary $\in \{1..n\}$.

If $Y_i$ is a register-line: $Y_i \leftarrow R_a(Y_k)$, then:

We have $K^{j+1}_i = a\ .\ K^j_k$                              [[ def. Kleene's algorithm ]]

$K^{j+1}_i = a\ .\ c_{j,k}\ .\ ?^{|x| - p_{j,k} - 1}$            [[ induction hyp., instantiating general i to k ]]

i.e. we have added a non-? character on the left, and chopped off a ? (if any) from the right.

$K^{j+1}_i$ is "of the right shape" $\wedge$ $p_{j+1,i}$ = if $p_{j,k} = |x|$ then $|x|$ else $1 + p_{j,k}$

If $Y_i \leftarrow R_a(x_k)$, then:

We have $K^{j+1}_i = a\ .\ x_k$                                [[ def. Kleene's algorithm ]]
there are no ? in $K^{j+1}_i$,                                [[ $x_k \in \Sigma^*$ by h1, $a \neq$ ? by definition 3.7 ]]

$K^{j+1}_i$ is "of the right shape" $\wedge$ $p_{j+1,i} = |x|$

If $Y_i$ is a combinational-line: $Y_i \leftarrow f^*(.., Y_k \text{ or } x_k, ..)$, then:

We have $.., K^j_k, ..$ are "of the right shape"               [[ induction hyp. ]]
and all $x_k$'s have no ? in them                             [[ hypothesis h1 ]]
and $K^{j+1}_i = f^*(.., K^j_k \text{ or } x_k, ..)$             [[ def. Kleene's algorithm ]]
and f is a naturally extended function: $(\Sigma_?)^n \to \Sigma_?$   [[ by definition 3.7 ]]

Consider any position, $pos \in \{1..|x|\}$:

We have $K^{j+1}_{i,pos} = f(.., K^j_{k,pos} \text{ or } x_{k,pos}, ..)$   [[ def. $f^*$, 3.4 ]]

and $x_{k,pos} \neq$ ? therefore:

if for all predecessors, $K^j_{k,pos} \neq$ ? then $K^{j+1}_{i,pos} \neq$ ?

if for some predecessor, $K^j_{k,pos} =$ ? then $K^{j+1}_{i,pos} =$ ?

$K^{j+1}_i$ is "of the right shape" $\wedge$ $p_{j+1,i} = \min\{ p_{j,k} \mid Y_k \text{ predecessors of } Y_i \}$, or $|x|$ if all the arguments are
input-lines.

∎ induction step
∎ Thm. 3.17


The  second  observation  becomes  the  proof  (by  contradiction)  of  the  ELC  theorem: 

Proof: 

Let $S \in L_{SD}$, with non-input lines $Y_i$, $i \in \{1..n\}$ and m input lines.

Assume
[h1] $x \in (\Sigma^*)^m$

[h2] $\exists j \in \omega \mid K^{j+1} = K^j$, i.e. the algorithm is stable at the j'th iteration.

[h3] $\exists i_0 \in \{1..n\} \mid p_{j,i_0} < |x|$, i.e. there is still at least one ? in $K^j_{i_0}$.

We now extract a predecessor of $Y_{i_0}$ which also has some ? left in it:

if $Y_{i_0}$ is a register-line, then its argument can not be an input line because inputs are assumed to have no ? in them
and hence $K^j_{i_0}$ would have no ? in it, $\forall j > 0$.

$Y_{i_0} \leftarrow R_a(Y_{i_1})$

We have $p_{j+1,i_0}$ = if $p_{j,i_1} = |x|$ then $|x|$ else $1 + p_{j,i_1}$     [[ proof of Shape lemma ]]
and $p_{j+1,i_0} = p_{j,i_0}$                                        [[ hypothesis h2 ]]
and $p_{j,i_0} < |x|$                                               [[ hypothesis h3 ]]

$p_{j,i_1} < |x|$ mainly, and also: $p_{j,i_0} > p_{j,i_1}$

if $Y_{i_0}$ is a combinational-line: $Y_{i_0} \leftarrow f^*(.., Y_k \text{ or } x_k, ..)$. Again, because inputs have no ? in them and
$K^j_{i_0}$ contains some ?, at least some arguments must be non-input lines.

$p_{j+1,i_0} = \min\{ p_{j,k} \mid Y_k \text{ predecessors of } Y_{i_0} \}$        [[ proof of Shape lemma ]]
Let $i_1$ be some predecessor yielding the minimum p,
then $p_{j,i_1} = p_{j+1,i_0}$
and $p_{j+1,i_0} = p_{j,i_0}$                                        [[ hypothesis h2 ]]
and $p_{j,i_0} < |x|$                                               [[ hypothesis h3 ]]

$p_{j,i_1} < |x|$ mainly, and also: $p_{j,i_1} = p_{j,i_0}$

By this process we've extracted a predecessor of $Y_{i_0}$: $Y_{i_1}$ such that $p_{j,i_1} < |x|$, which was the hypothesis we had
on $i_0$; therefore we can reiterate this process.


Remark:  From  the  construction  above  we  also  get: 

[r1] in either case, $p_{j,i_0} \geq p_{j,i_1}$,

[r2] $p_{j,i_1} = p_{j,i_0}$ $\Leftrightarrow$ $Y_{i_0}$ is a combinational-line.

We now build a path by starting with $P = (Y_{i_0})$, and:

• If $Y_{i_1}$ does not already appear in P, we add it to P, and reiterate. Since there are finitely many lines in S,
we must eventually hit the other case:

• If $Y_{i_1}$ does appear in P, we add it to P and stop: we have now obtained a path which contains a loop!

More precisely, at the end of this (finite) process we have: $P = (Y_{i_0}, Y_{i_1}, ..., Y_{i_q}, Y_{i_{q+1}}, .., Y_{i_q})$ for some q. Extract the
loop $L = (Y_{i_q}, Y_{i_{q+1}}, ..., Y_{i_q})$.

From [r1], we know that the p's are weakly increasing along L. And they must be equal at both ends (because L is
a loop), therefore they are constant along L. From [r2], the p's can only be constant if the lines are combinational-lines.

L is a loop of combinational-lines in the sysd S

Therefore, the contrapositive is that if S has no combinational loops, i.e. ELC(S), and if the input x has no ? in it,
and if Kleene's algorithm terminates at the j'th iteration then:

$\forall i \in \{1..n\},\ p_{j,i} = |x|$, i.e. $K^j_i \in \Sigma^*$

and $K^j = LFP(\tau_S)(x)$                    [[ by def. of K-view, and Kleene's thm. ]]

$LFP(\tau_S)(x) \in (\Sigma^*)^n$

∎ Thm. 3.15
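
The two observations used in this proof can be watched directly. The Python sketch below is an added example, not part of the original text: it runs Kleene's algorithm on the running sum circuit of Figure 3-1 and on a constructed variant whose feedback register is replaced by a wire, checks the K-view shape of Theorem 3.17 on every view, and climbs predecessors to find an unclocked loop. The dictionary encoding of a sysd, all function names and the second circuit are assumptions of this example; register clock inputs are left out as in the sugared form.

```python
UNKNOWN = "?"  # the least element added to the alphabet: "not known yet"

def lift(f):
    """Natural extension of a character function: any unknown argument gives '?'."""
    return lambda *chars: UNKNOWN if UNKNOWN in chars else f(*chars)

def star(f):
    """f*: apply the lifted f position by position to equal-length strings."""
    g = lift(f)
    return lambda *strings: tuple(g(*chars) for chars in zip(*strings))

def register(a):
    """R_a: output a, then the main input delayed by one tick; the clock gives the length."""
    return lambda x, clock: ((a,) + tuple(x))[:len(clock)]

def kleene_views(sysd, inputs):
    """Return the K-views [K^0, K^1, ...], ending at the first view that repeats."""
    n = len(next(iter(inputs.values())))
    clock = (None,) * n                      # only its length is used
    view = {line: (UNKNOWN,) * n for line in sysd}
    views = [view]
    while True:
        env = {**inputs, **view}             # every equation reads the previous view
        nxt = {}
        for line, (kind, op, args) in sysd.items():
            vals = [env[a] for a in args]
            nxt[line] = register(op)(vals[0], clock) if kind == "reg" else star(op)(*vals)
        views.append(nxt)
        if nxt == view:
            return views
        view = nxt

def known_prefix(s):
    """Return p if s is p known characters followed only by '?', else None."""
    p = next((i for i, c in enumerate(s) if c == UNKNOWN), len(s))
    return p if all(c == UNKNOWN for c in s[p:]) else None

def unclocked_loop(sysd):
    """Return a loop made only of combinational lines, or None when ELC holds."""
    comb = [l for l, (kind, _, _) in sysd.items() if kind == "comb"]
    preds = {l: [a for a in sysd[l][2] if a in comb] for l in comb}
    done = set()
    def climb(line, path):
        if line in path:                     # back on a line already on the path
            return (path[path.index(line):] + [line])[::-1]
        if line in done:
            return None
        for p in preds[line]:
            found = climb(p, path + [line])
            if found:
                return found
        done.add(line)
        return None
    for line in comb:
        found = climb(line, [])
        if found:
            return found
    return None

add = lambda u, v: u + v
# Figure 3-1: an adder fed by the input and by a register initialized with 0.
RUNNING_SUM = {"sum": ("comb", add, ["x", "acc"]), "acc": ("reg", 0, ["sum"])}
# Constructed counter-example: the feedback register replaced by a plain wire.
UNCLOCKED = {
    "sum": ("comb", add, ["x", "fb"]),
    "fb": ("comb", lambda u: u, ["sum"]),
    "out": ("reg", 0, ["sum"]),
}

if __name__ == "__main__":
    for name, sysd in (("running sum", RUNNING_SUM), ("unclocked", UNCLOCKED)):
        print(name, "- unclocked loop:", unclocked_loop(sysd))
        for j, view in enumerate(kleene_views(sysd, {"x": (3, 5, 5)})):
            print(f"  K^{j}:", {l: ".".join(map(str, s)) for l, s in view.items()})
```

On the running sum circuit the ?'s are pushed to the right until every line is total; on the constructed circuit the iteration stabilizes with ?'s left on exactly the lines fed by the unclocked loop.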


3.5.  Operational  semantics  and  Equivalence  with  (extensional)  Denotational 
semantics 

An operational semantics is a different way to assign meaning to a circuit with a more "dynamic" or algorithmic
flavor than the denotational semantics. It usually refers to concepts such as state and transition steps, and iteratively
computes the outputs from the inputs and the circuit. This is in contrast to the (extensional) denotational semantics
which are considered more "static", just stating what the outputs should be (least fixed points of a system of
equations) without explicitly constructing them. This however, is only a question of taste since Kleene's theorem
for reaching the LFP is constructive and easily implementable.


Proving  the  equivalence  of  an  operational  semantics/algorithm  and  the  (extensional)  denotational  semantics  can 
be  seen  under  two  angles: 

•  as  an  additional  justification  for  the  denotational  semantics,  if  the  operational  semantics  is  "intuitively 
right". 


•  or  as  a  proof  of  correctness  of  the  algorithm,  if  one  believes  first  in  the  denotational  aspect  of  the 
computation. 


In this work, our goal is the first angle. We therefore have to pick an operational semantics which is as
"intuitively right" as possible to people who would be skeptical of our denotational semantics. To that end, we will
give  two  operational  semantics,  both  based  on  states,  and  character  by  character  operation,  but  with  a  slight 
distinction: 


• The 1st one uses a "big" state: the history of all values seen on all lines, and is therefore a little
"abstract". We will refer to it as our "operational semantics".


•  The  2nd  one  uses  a  more  practical  state:  the  current  value  held  in  all  registers,  and  is  essentially  the 
simplest  simulation  algorithm  for  synchronous  circuits  [Russell-Kinniment-Chester-McLauchlan  85], 
and  hence,  quite  "concrete”.  We  will  refer  to  it  as  our  "simulation  semantics". 

And  we  will  prove  equivalence  with  the  (extensional)  denotational  semantics  for  both  of  them. 


Definition  3.18:  Informal  Operational  Semantics 

For a given ELC circuit S with non-input lines $Y_i$, $i \in \{1..n\}$, and input lines $x_j$, $j \in \{1..m\}$, we define the state $s = (s_Y, s_x)$ to be the history of all characters seen on each line.

We define a "next-output" function $\delta_S$ which takes the state $(s_Y, s_x)$ and an input character (for each input line) and returns an output character (for each non-input line) as follows:

• Case: Register-line $Y_i \leftarrow R_a(Y_k)$: Return the LAST character which appeared on $Y_k$ so far, because that's the character which is currently being held in the register. We can get that character from the state: $s_{Y,k}$. If there was none, i.e. we are in the initial condition, then return "a".

If the argument is an input line, look up the value in $s_x$ instead of $s_Y$.

• Case: Combinational-line $Y_i \leftarrow f^*(.., Y_k, ..)$: Recursively compute the next-output for the predecessor lines and apply f to them.

If some argument is an input line, then take the current input character for that line.

We also define a "next-state" function $\gamma_S$ which simply tacks on the new character produced by $\delta_S$ to the current state. (And for the input part of the state, tacks on the new input values.)

Then we extend both of these functions to handle strings of inputs by iterating the character by character functions, while starting in the initial, empty, state. This yields the "complete-output" function $\Delta_S$ and the "final-state" function $\Gamma_S$.

Pictorially,  the  set-up  looks  like  this: 

[Figure 3-3: Operational Semantics]

Notes: 

• The function $\delta_S$ is recursive in an unusual way in the combinational case: it calls itself on all the predecessors of the current line. But since we assume that all loops are clocked (ELC circuit) then these recursive calls will eventually hit a Register-line or an input-line and terminate. We will justify this formally below.

• The 2nd input to "$R_a$" equations was not mentioned because the operational semantics ignores it. (The clock beat is in some sense hardwired in the string recursion.) More precisely, the equivalence theorem is true no matter what line is plugged into the 2nd argument of Registers. However the operational model matches the reality of physical registers only if $x_{ck}$ is indeed connected to their clock pin (and if other physical considerations such as timing, electrical issues, etc... are also correct).

• To lighten up our notations the S subscript will be omitted from here on. Also, we will make use of an "or respectively" notation, to express definitions which are very similar in two symmetric cases (argument is a non-input-line, or input-line). This will be clear with the examples below.

Definition  3.19:  Formal  Operational  Semantics 

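Let $S \in L_{SD}$, with non-input lines $Y_i$, $i \in \{1..n\}$ and input lines $x_j$, $j \in \{1..m\}$, and ELC(S).

Let $s_Y \in (\Sigma_?^*)^n$, $s_x \in (\Sigma_?^*)^m$, $x \in (\Sigma_?^*)^m$, $u \in (\Sigma_?)^m$, $v \in (\Sigma_?)^m$.

Define $\delta(s_Y, s_x, v) \in (\Sigma_?)^n$ by: for $i \in \{1..n\}$,

• if $Y_i \leftarrow R_a(Y_k$ or $x_k)$ then $\delta(s_Y, s_x, v)_i$ = if $s_{Y,k}$ or $s_{x,k}$ = $\varepsilon$ then $a$ else last($s_{Y,k}$ or $s_{x,k}$)

• if $Y_i \leftarrow f^*(.., Y_k$ or $x_k, ..)$ then $\delta(s_Y, s_x, v)_i = f(.., \delta(s_Y, s_x, v)_k$ or $v_k, ..)$

Define $\gamma(s_Y, s_x, v) = (\, s_Y.\delta(s_Y, s_x, v),\ s_x.v \,)$

And the string-extended functions are defined by recursion on the input string:

$\Delta(\varepsilon) = \varepsilon$ and $\Delta(x.u) = \Delta(x).\delta(\Gamma(x), u)$

$\Gamma(\varepsilon) = (\varepsilon, \varepsilon)$ and $\Gamma(x.u) = \gamma(\Gamma(x), u)$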

It should be obvious from the state set-up (or the defining equations) that the "complete output" and the "final state" are essentially the same, and that therefore the defining equation for $\Delta$ can be simplified, by replacing $\Gamma$ by $\Delta$. More precisely:

Theorem 3.20: A simplification

$\forall x \in (\Sigma_?^*)^m$, $u \in (\Sigma_?)^m$, $\Gamma(x) = (\Delta(x), x)$ and therefore $\Delta(x.u) = \Delta(x).\delta(\Delta(x), x, u)$

The first equality is proved by a simple structural induction on x; the second is then a trivial substitution into the definition of $\Delta$.

Proof: 

Case $\varepsilon$:

We have $\Delta(\varepsilon) = \varepsilon$ [[ def. 3.19 ]]
and $\Gamma(\varepsilon) = (\varepsilon, \varepsilon)$ [[ def. 3.19 ]]
$\Gamma(\varepsilon) = (\Delta(\varepsilon), \varepsilon)$

Case x.u:

We have $\Gamma(x.u) = \gamma(\Gamma(x), u)$ [[ def. 3.19, expanding $\Gamma$ ]]
and $\Gamma(x) = (\Delta(x), x)$ [[ induction hypothesis ]]
$\Gamma(x.u) = \gamma(\Delta(x), x, u)$
$\Gamma(x.u) = (\Delta(x).\delta(\Delta(x), x, u),\ x.u)$ [[ def. 3.19, expanding $\gamma$ ]]
$\Gamma(x.u) = (\Delta(x).\delta(\Gamma(x), u),\ x.u)$ [[ simplifying $\Delta(x), x$ w/ induction hyp. ]]
and $\Delta(x.u) = \Delta(x).\delta(\Gamma(x), u)$ [[ def. 3.19, expanding $\Delta$ ]]
$\Gamma(x.u) = (\Delta(x.u),\ x.u)$

□ Thm. 3.20

Remark: Totality of the functions $\delta$, $\gamma$, $\Delta$, $\Gamma$

• $\Delta$, $\Gamma$ and $\gamma$ are primitive recursive in $\delta$; i.e. assuming $\delta$ is total, their totality is simply a structural induction on x (i.e. well-founded induction on the < (prefix) relation in $\Sigma_?^*$).

• $\delta$ is more unusual: it recurses on its "line" argument (noted as a subscript) in the Combinational line case. I.e. it calls itself back on the predecessor lines of the current combinational line.

This corresponds to well-founded induction on the predecessor ordering of the circuit "cut" at each Register, i.e. where all Register-lines are considered as sources together with the input lines. Clearly if the circuit is ELC, then all loops have at least a Register-line, and when these loops are "cut" at the Register, the resulting directed graph is acyclic, and hence the "R-cut-predecessor" relation is well-founded.

Therefore the proof of totality for $\delta$ is simply a well-founded induction with the R-cut-predecessor relation on its line argument.

The  main  reason  for  all  this  set-up  is  of  course: 

Theorem  3.21:  Operational-Denotational  Equivalence 

Let S = (in, sys, out) be an ELC sysd (with m inputs), we have: $\forall x \in (\Sigma^*)^m$, $\Delta_S(x)_{out} = \mu(S)(x)$.

Or in other words: for all "true" synchronous circuits and inputs, the operational and denotational semantics agree.

The key idea of the proof is that the "complete-output" function $\Delta$ is a fixed point of $\tau_S$ (the functional system denoted by S), and also of course that it is in the right domain: $\mathrm{MLP}_\Sigma$. The inequality $\mu(..) \sqsubseteq \Delta(..)$ is then an immediate consequence of the fact that any fixed point is at least as defined as the least fixed point. The ELC-characterization of the previous section gives us that for an ELC circuit and input with no ? in it, the denotational semantics returns strings with no ? in them, i.e. maximal strings under $\sqsubseteq$, and this yields the equality.

Proof: 

Let S be an ELC sysd with lines $Y_i$, $i \in \{1..n\}$ and input lines $x_j$, $j \in \{1..m\}$.

We want to prove: $\mathrm{MLP}(\Delta) \wedge \tau_S(\Delta) = \Delta$, which is equivalent to the conjunction of:

[LP]: $\forall x \in (\Sigma_?^*)^m$, $|\Delta(x)| = |x|$
[$\le$-Mon]: $\forall x, x' \in (\Sigma_?^*)^m$, $x \le x' \Rightarrow \Delta(x) \le \Delta(x')$
[$\sqsubseteq$-Mon]: $\forall x, x' \in (\Sigma_?^*)^m$, $x \sqsubseteq x' \Rightarrow \Delta(x) \sqsubseteq \Delta(x')$
[Fixed-Point]: $\forall x \in (\Sigma_?^*)^m$, $\forall i \in \{1..n\}$, $[\tau_i(\Delta)](x) = \Delta(x)_i$, where the left-hand-side is simply the expansion of the $Y_i$ definition, substituting: $\Delta(x)_k$ for $Y_k(x)$.

[LP] is clear from the definition of $\Delta$, since for empty input we return the empty string, and for each additional input character, we concatenate one extra character. Formally, [LP] is a trivial (and hence skipped) structural induction on x.

□ LP

[$\le$-Mon] is similarly easy, since to compute $\Delta(x.u)$ we take $\Delta(x)$ and append "something" (a character). Therefore $\Delta(x) \le \Delta(x.u)$. And since $x \le x' \Leftrightarrow \exists z \mid x' = x.z$, a trivial structural induction on z yields [$\le$-Mon] as originally stated.

□ $\le$-Mon

For [$\sqsubseteq$-Mon] we first prove that $\delta$ is $\sqsubseteq$-Monotonic (in its string arguments), which requires a well-founded induction on the R-cut-predecessor relation on the line argument, corresponding to $\delta$'s recursive definition. Once this is done we can prove that $\Delta$ is $\sqsubseteq$-Monotonic by a simple structural induction on x.


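$\delta$ is $\sqsubseteq$-Monotonic:

Let $y, y' \in (\Sigma_?^*)^n$, $x, x' \in (\Sigma_?^*)^m$, $v, v' \in (\Sigma_?)^m$.
Assume $y \sqsubseteq y' \wedge x \sqsubseteq x' \wedge v \sqsubseteq v'$.

Let $i \in \{1..n\}$ arbitrary,

If $Y_i$ is a register-line: $Y_i \leftarrow R_a(Y_k)$ then:

We have $\delta(y, x, v)_i$ = if $y_k = \varepsilon$ then $a$ else last($y_k$) [[ def. $\delta$, 3.19 ]]
and $\delta(y', x', v')_i$ = if $y'_k = \varepsilon$ then $a$ else last($y'_k$) [[ def. $\delta$, 3.19 ]]
and $y_k = \varepsilon \Leftrightarrow y'_k = \varepsilon$ [[ $y \sqsubseteq y'$ hyp. and def. $\sqsubseteq$, 2.38 ]]
and $a \sqsubseteq a$ [[ def. $\sqsubseteq$, 2.38 ]]
and last($y_k$) $\sqsubseteq$ last($y'_k$) [[ $y \sqsubseteq y'$ hyp. and last() $\sqsubseteq$-Monotonic ]]
$\delta(y, x, v)_i \sqsubseteq \delta(y', x', v')_i$

If $Y_i$ is a register-line: $Y_i \leftarrow R_a(x_k)$ then:
exactly the same reasoning as above with x instead of y yields:
$\delta(y, x, v)_i \sqsubseteq \delta(y', x', v')_i$

If $Y_i$ is a combinational-line: $Y_i \leftarrow f^*(.., Y_k$ or $x_k, ..)$ then:

We have $\delta(y, x, v)_i = f(.., \delta(y, x, v)_k$ or $v_k, ..)$ [[ def. $\delta$, 3.19 ]]
and $\delta(y', x', v')_i = f(.., \delta(y', x', v')_k$ or $v'_k, ..)$ [[ def. $\delta$, 3.19 ]]
and $\delta(y, x, v)_k \sqsubseteq \delta(y', x', v')_k$ [[ induction hyp.: $k <_{R\text{-cut-predecessor}} i$ ]]
and $v_k \sqsubseteq v'_k$ [[ $v \sqsubseteq v'$ hyp. ]]
and f $\sqsubseteq$-Monotonic [[ def. of the meaning of a Sysd, 3.7 ]]
$f(.., \delta(y, x, v)_k$ or $v_k, ..) \sqsubseteq f(.., \delta(y', x', v')_k$ or $v'_k, ..)$
$\delta(y, x, v)_i \sqsubseteq \delta(y', x', v')_i$

□ $\delta$ $\sqsubseteq$-Monotonic

Now we prove [$\sqsubseteq$-Mon] by structural induction on x:

Case $\varepsilon$: Let x' arbitrary | $x \sqsubseteq x'$,

We have $\varepsilon \sqsubseteq x' \Rightarrow \varepsilon = x'$ [[ def. $\sqsubseteq$, 2.38 ]]
and $\varepsilon = x' \Rightarrow \Delta(\varepsilon) = \Delta(x') \Rightarrow \Delta(\varepsilon) \sqsubseteq \Delta(x')$

□ $\sqsubseteq$-Mon, $\varepsilon$

Case (x.u): Let x'.u' arbitrary | $x.u \sqsubseteq x'.u'$,
note: $x.u \sqsubseteq y \Rightarrow |x.u| = |y| \Rightarrow \exists x', u' \mid y = x'.u' \wedge x \sqsubseteq x' \wedge u \sqsubseteq u'$ [[ def. $\sqsubseteq$, 2.38 ]]

We have $\Delta(x.u) = \Delta(x).\delta(\Delta(x), x, u)$ [[ simplified $\Delta$, thm. 3.20 ]]
and $\Delta(x'.u') = \Delta(x').\delta(\Delta(x'), x', u')$ [[ simplified $\Delta$, thm. 3.20 ]]
and $\Delta(x) \sqsubseteq \Delta(x')$ [[ induction hypothesis, $x \sqsubseteq x'$ ]]
$\delta(\Delta(x), x, u) \sqsubseteq \delta(\Delta(x'), x', u')$ [[ $\delta$ $\sqsubseteq$-Monotonic, $x \sqsubseteq x'$, $u \sqsubseteq u'$ ]]
$\Delta(x.u) \sqsubseteq \Delta(x'.u')$

□ $\sqsubseteq$-Mon, x.u
□ $\sqsubseteq$-Mon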

We finally prove the main result: [Fixed-Point], by structural induction on x, combined with much equation

Case ($\varepsilon$): let $i \in \{1..n\}$ arbitrary.

We have $\Delta(\varepsilon)_i = \varepsilon$ [[ def. $\Delta$, 3.19 ]]
and $f^*(\varepsilon) = \varepsilon \wedge R_a(\varepsilon) = \varepsilon$ [[ def. $f^*$, $R_a$, 3.4 ]]
$[\tau_i(\Delta)](\varepsilon) = \varepsilon = \Delta(\varepsilon)_i$

□ Fixed-Point, $\varepsilon$

Case (x.u): let $i \in \{1..n\}$ arbitrary,
We have $\Delta(x.u)_i = \Delta(x)_i.\delta(\Delta(x), x, u)_i$ [[ simplified $\Delta$, thm. 3.20 ]]

If $Y_i$ is a register-line: $Y_i \leftarrow R_a(Y_k$ or $x_k)$ then:

We have $\delta(\Delta(x), x, u)_i$ = [ if $\Delta(x)_k$ or $x_k$ = $\varepsilon$ then $a$ else last($\Delta(x)_k$ or $x_k$) ] [[ def. $\delta$, 3.19 ]]
∴ L1: $\Delta(x.u)_i = \Delta(x)_i$ . [ if $\Delta(x)_k$ or $x_k$ = $\varepsilon$ then $a$ else last($\Delta(x)_k$ or $x_k$) ]
and $\Delta(x)_i = [\tau_i(\Delta)](x)$ [[ induction hypothesis ]]
$\Delta(x)_i = R_a(\Delta(x)_k$ or $x_k)$ [[ expanding def. $\tau_i$ ]]
$\Delta(x)_i$ = [ if $\Delta(x)_k$ or $x_k$ = $\varepsilon$ then $\varepsilon$ else $a$ . abl($\Delta(x)_k$ or $x_k$) ] [[ expanding $R_a$ ]]
$\Delta(x.u)_i$ = [ if $\Delta(x)_k$ or $x_k$ = $\varepsilon$ then $\varepsilon.a$ else $a$ . abl($\Delta(x)_k$ or $x_k$) . last($\Delta(x)_k$ or $x_k$) ] [[ replacing $\Delta(x)_i$ in line L1 ]]
$\Delta(x.u)_i$ = [ if $\Delta(x)_k$ or $x_k$ = $\varepsilon$ then $a$ else $a$ . ($\Delta(x)_k$ or $x_k$) ] [[ simplifying abl().last() ]]
∴ L2: $\Delta(x.u)_i = a$ . ($\Delta(x)_k$ or $x_k$) [[ simplifying if expression ]]
We have $[\tau_i(\Delta)](x.u) = R_a(\Delta(x.u)_k$ or $x_k.u_k)$ [[ expanding def. $\tau_i$ ]]
$[\tau_i(\Delta)](x.u) = R_a[\, \Delta(x)_k.\delta(\Delta(x), x, u)_k$ or $x_k.u_k \,]$ [[ expanding $\Delta(x.u)$, thm. 3.20 ]]
$[\tau_i(\Delta)](x.u) = a$ . ($\Delta(x)_k$ or $x_k$) [[ expanding $R_a$; $\delta(..)$ and $u_k$ are characters. ]]
$[\tau_i(\Delta)](x.u) = \Delta(x.u)_i$ [[ matching with line L2 ]]

□ Fixed-Point, x.u, Register

If $Y_i$ is a combinational-line: $Y_i \leftarrow f^*(.., Y_k$ or $x_k, ..)$ then:

We have $\delta(\Delta(x), x, u)_i = f(..,$ last($\Delta(x.u)_k$ or $x_k.u_k$)$, ..)$ [[ def. $\delta$, 3.19 ]]
∴ L3: $\Delta(x.u)_i = \Delta(x)_i . f(..,$ last($\Delta(x.u)_k$ or $x_k.u_k$)$, ..)$
and $\Delta(x)_i = [\tau_i(\Delta)](x)$ [[ induction hypothesis ]]
$\Delta(x)_i = f^*(.., \Delta(x)_k$ or $x_k, ..)$ [[ expanding def. $\tau_i$ ]]
$\Delta(x.u)_i = f^*(.., \Delta(x)_k$ or $x_k, ..) . f(..,$ last($\Delta(x.u)_k$ or $x_k.u_k$)$, ..)$ [[ combining with line L3 ]]
$\Delta(x.u)_i = f^*(.., \Delta(x)_k$.last($\Delta(x.u)_k$) or $x_k$.last($x_k.u_k$)$, ..)$ [[ def. $f^*$ ]]
∴ L4: $\Delta(x.u)_i = f^*(.., \Delta(x)_k$.last($\Delta(x.u)_k$) or $x_k.u_k, ..)$ [[ simplifying $x_k$.last($x_k.u_k$) ]]
and $\Delta(x.u)_k = \Delta(x)_k.\delta(\Delta(x), x, u)_k$ [[ thm. 3.20 ]]
$\Delta(x.u)_k = \Delta(x)_k$.last($\Delta(x.u)_k$) [[ $\delta(...)$ is a character! ]]
$\Delta(x.u)_i = f^*(.., \Delta(x.u)_k$ or $x_k.u_k, ..)$ [[ substituting into L4 ]]
and $[\tau_i(\Delta)](x.u) = f^*(.., \Delta(x.u)_k$ or $x_k.u_k, ..)$ [[ expanding def. $\tau_i$ ]]
$[\tau_i(\Delta)](x.u) = \Delta(x.u)_i$

□ Fixed-Point, x.u, Combinational
□ Fixed-Point, x.u
□ Fixed-Point

From all this we know that $\Delta$ is a fixed point of $\tau_S$ and $\Delta \in \mathrm{MLP}_\Sigma$,

$\mathrm{LFP}(\tau_S) \sqsubseteq \Delta$ [[ LFP is Least!, def. 2.13 ]]
$\forall x \in (\Sigma_?^*)^m$, $\mathrm{LFP}(\tau_S)(x) \sqsubseteq \Delta(x)$ [[ def. pointwise order, 2.23 ]]

From the previous section (section 3.4) and ELC(S) hypothesis:
We have $\mathrm{LFP}(\tau_S)$ total on $\Sigma^*$ [[ ELC thm., 3.15 ]]
$\forall x \in (\Sigma^*)^m$, $\mathrm{LFP}(\tau_S)(x) \in (\Sigma^*)^n$
and strings with no ? in them are maximal under $\sqsubseteq$
$\forall x \in (\Sigma^*)^m$, $\mathrm{LFP}(\tau_S)(x)$ is maximal under $\sqsubseteq$ [[ def. $\sqsubseteq$ coordinatewise ]]

Combining those 2 results, we get:

$\forall x \in (\Sigma^*)^m$, $\mathrm{LFP}(\tau_S)(x) = \Delta(x)$

and of course the equality still holds if we project some lines (out) from the tuple:
and $\mu(S) = \mathrm{LFP}(\tau_S)_{out}$ [[ def. 3.8 ]]

$\forall x \in (\Sigma^*)^m$, $\Delta(x)_{out} = \mu(S)(x)$.

□ Thm. 3.21

We now move on to our simulation semantics. We will define it both informally and formally, and then prove its equivalence with the operational semantics (and therefore also to the extensional denotational semantics).

Definition  3.22:  Informal  Simulation  Semantics 

The main difference with the operational semantics is that now the state simply contains the current value stored in each register. We call it $s_R$ and it is indexed by the (Register) line number.

The new "next-output" function $\delta'_S$ differs from the old one in the Register case only and simply returns the character in $s_{R,i}$ for Register-line $Y_i$.

The new "next-state" function $\gamma'_S$ updates $s_R$ by storing in it the character just output by $\delta'_S$ for its predecessor line (or the input character if the argument is an input-line).

The extensions of these functions to handle strings of inputs are done just as in the previous case, by iterating the character by character functions. One detail is different however: the initial state is taken from S, i.e. if S contains the equation $Y_i \leftarrow R_a(Y_k)$ then the initial state has $s_{R,i} = a$.

Pictorially, the set-up looks like this:

[Figure 3-4: Simulation Semantics]


As before, the S subscript will be omitted. Note also that we define $s_R$ to be an array of length n, indexed by the line number i, when in fact we only use array slots corresponding to Register-lines. This is just for ease of notation. The other entries can be thought of as "unspecified" or containing an "unused" character, and are irrelevant to the proof.

Definition  3.23:  Formal  Simulation  Semantics 

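Let $S \in L_{SD}$, with non-input lines $Y_i$, $i \in \{1..n\}$ and input lines $x_j$, $j \in \{1..m\}$, and ELC(S).

Let $s_R \in (\Sigma_?)^n$, $v \in (\Sigma_?)^m$.

Define $\delta'(s_R, v) \in (\Sigma_?)^n$ | $\forall i \in \{1..n\}$

• if $Y_i \leftarrow R_a(Y_k$ or $x_k)$ then $\delta'(s_R, v)_i = s_{R,i}$

• if $Y_i \leftarrow f^*(.., Y_k$ or $x_k, ..)$ then $\delta'(s_R, v)_i = f(.., \delta'(s_R, v)_k$ or $v_k, ..)$

Define $\gamma'(s_R, v)$ | $\forall i \in \{1..n\}$

• if $Y_i \leftarrow R_a(Y_k$ or $x_k)$ then $\gamma'(s_R, v)_i = \delta'(s_R, v)_k$ or $v_k$

And the string-extended functions are defined by recursion on the input string:

$\Delta'(\varepsilon) = \varepsilon$ and $\Delta'(x.u) = \Delta'(x).\delta'(\Gamma'(x), u)$

$\Gamma'(\varepsilon)_i = s_{R,i}$ = if $Y_i \leftarrow R_a(Y_k$ or $x_k)$ then $a$, and $\Gamma'(x.u) = \gamma'(\Gamma'(x), u)$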

The  justification  for  the  totality  of  these  functions  is  the  same  as  for  the  operational  semantics.  The  key  result  is: 

Theorem  3.24:  Simulation-Operational  Equivalence 

Let S be an ELC sysd (with m inputs), we have: $\forall x \in (\Sigma_?^*)^m$, $\Delta'_S(x) = \Delta_S(x)$

Or  in  other  words:  the  two  operational  semantics  agree. 


The proof proceeds in two steps:

1. A "small state is appropriate" lemma, which makes explicit the fact that the value currently kept in the register is the same as the last character seen on the predecessor line, and which is proved by structural induction on the input string.

2. An inductive proof of equality between $\Delta$ and $\Delta'$. The main subtlety here is to find an induction which proceeds in the same manner as $\Delta$ or $\Delta'$ recurses, i.e. a combination of structural recursion on the input, and R-cut-predecessor recursion on the lines. To achieve that we define $<_{lex}$: the lexicographic combination of the prefix ordering on strings, and the R-cut-predecessor ordering on the lines of an ELC circuit, and use well-founded induction on $<_{lex}$.

Once  these  steps  have  been  identified,  what  remains  is  tedious  equation  pushing... 

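[State-Lemma]: $\forall x \in (\Sigma_?^*)^m$, $\forall i \in \{1..n\}$, if $Y_i \leftarrow R_a(Y_k$ or $x_k)$ then
$\Gamma'(x)_i$ = if ($\Delta'(x)_k$ or $x_k$) = $\varepsilon$ then $a$ else last($\Delta'(x)_k$ or $x_k$)

This is proved by a simple structural induction on x:

Case $\varepsilon$:

Let $i \in \{1..n\}$ | if $Y_i \leftarrow R_a(Y_k$ or $x_k)$
then $\Gamma'(\varepsilon)_i = a$ [[ def. $\Gamma'$, 3.23 ]]
and $\Delta'(\varepsilon) = \varepsilon$ [[ def. $\Delta'$, 3.23 ]]
$\Gamma'(\varepsilon)_i$ = if $\varepsilon = \varepsilon$ then $a$ else ...

□ State-Lemma, $\varepsilon$

Case x.u:

Let $i \in \{1..n\}$ | if $Y_i \leftarrow R_a(Y_k$ or $x_k)$
then $\Gamma'(x.u)_i = \gamma'(\Gamma'(x), u)_i$ [[ def. 3.23, expanding $\Gamma'$ ]]
∴ L1: $\Gamma'(x.u)_i = \delta'(\Gamma'(x), u)_k$ or $u_k$ [[ def. 3.23, expanding $\gamma'$ ]]
and $\Delta'(x.u)_k = \Delta'(x)_k.\delta'(\Gamma'(x), u)_k$ [[ def. 3.23, expanding $\Delta'$ ]]
last($\Delta'(x.u)_k$) $= \delta'(\Gamma'(x), u)_k \wedge \Delta'(x.u)_k \neq \varepsilon$
$\Gamma'(x.u)_i$ = last($\Delta'(x.u)_k$) or $u_k$ [[ replacing in L1 ]]
and $u_k$ = last($x_k.u_k$) $\wedge\ x_k.u_k \neq \varepsilon$
$\Gamma'(x.u)_i$ = last($\Delta'(x.u)_k$ or $x_k.u_k$)
$\Gamma'(x.u)_i$ = if ($\Delta'(x.u)_k$ or $x_k.u_k$) = $\varepsilon$ then ... else last($\Delta'(x.u)_k$ or $x_k.u_k$)

□ State-Lemma, x.u
□ State-Lemma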


We now prove the final equivalence: $\forall x \in (\Sigma_?^*)^m$, $\forall i \in \{1..n\}$, $\Delta'(x)_i = \Delta(x)_i$, by well-founded induction $<_{lex}$ $(x, i)$:

Case ($\varepsilon$, i):

We have $\Delta(\varepsilon)_i = \varepsilon = \Delta'(\varepsilon)_i$ [[ def. $\Delta$, 3.19 and def. $\Delta'$, 3.23 ]]

□ $\varepsilon$, i

Case (x.u, i):

We have $\Delta(x.u)_i = \Delta(x)_i.\delta(\Delta(x), x, u)_i$ [[ expanding $\Delta$, thm. 3.20 ]]
and $\Delta'(x.u)_i = \Delta'(x)_i.\delta'(\Gamma'(x), u)_i$ [[ def. $\Delta'$, 3.23 ]]
and $\Delta(x)_i = \Delta'(x)_i$ [[ $(x, i) <_{lex} (x.u, i)$, induction hyp. ]]

only $\delta(\Delta(x), x, u)_i = \delta'(\Gamma'(x), u)_i$ remains to be proved.

If $Y_i \leftarrow R_a(Y_k$ or $x_k)$ then

We have $\delta(\Delta(x), x, u)_i$ = if ($\Delta(x)_k$ or $x_k$) = $\varepsilon$ then $a$ else last($\Delta(x)_k$ or $x_k$) [[ def. $\delta$, 3.19 ]]
and $\delta'(\Gamma'(x), u)_i = \Gamma'(x)_i$ = if ($\Delta'(x)_k$ or $x_k$) = $\varepsilon$ then $a$ else last($\Delta'(x)_k$ or $x_k$) [[ def. $\delta'$, 3.23 and State-Lemma ]]
and $\Delta(x)_k = \Delta'(x)_k$ [[ $(x, k) <_{lex} (x.u, k)$, induction hyp. ]]
$\delta(\Delta(x), x, u)_i = \delta'(\Gamma'(x), u)_i$

□ x.u, i, Register

If $Y_i \leftarrow f^*(.., Y_k$ or $x_k, ..)$ then
We have $\delta(\Delta(x), x, u)_i = f(.., \delta(\Delta(x), x, u)_k$ or $u_k, ..)$ [[ def. $\delta$, 3.19 ]]
and $\delta'(\Gamma'(x), u)_i = f(.., \delta'(\Gamma'(x), u)_k$ or $u_k, ..)$ [[ def. $\delta'$, 3.23 ]]
and $\Delta(x.u)_k = \Delta'(x.u)_k$ [[ $(x.u, k) <_{lex} (x.u, i)$, induction hyp. ]]
and $\Delta(x.u)_k = \Delta(x)_k.\delta(\Delta(x), x, u)_k$ [[ expanding $\Delta$, thm. 3.20 ]]
and $\Delta'(x.u)_k = \Delta'(x)_k.\delta'(\Gamma'(x), u)_k$ [[ def. $\Delta'$, 3.23 ]]
$\delta(\Delta(x), x, u)_k = \delta'(\Gamma'(x), u)_k$
$f(.., \delta(\Delta(x), x, u)_k$ or $u_k, ..) = f(.., \delta'(\Gamma'(x), u)_k$ or $u_k, ..)$
$\delta(\Delta(x), x, u)_i = \delta'(\Gamma'(x), u)_i$

□ x.u, i, Combinational
□ x.u, i
□ Thm. 3.24
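The three semantics compared in Theorems 3.21 and 3.24, as an added Python example that is not code from the report: Definition 3.19, Definition 3.23 and Kleene iteration for the least fixed point, run against each other on a constructed running-parity circuit. The dict encoding of a sysd, the all-'?' starting tuple for the iteration and the strict treatment of '?' by f* are assumptions of this example.

```python
# Added illustration, not code from the report. A sysd is a dict that maps
# each non-input line to its equation:
#   ("reg", a, k)          Y_i <- R_a(k)         k is a line or an input
#   ("comb", f, [k, ...])  Y_i <- f*(.., k, ..)  f works on characters
# Strings are Python str over '0', '1', '?'; inputs are a dict name -> str.
from itertools import product

def delta(S, sY, sx, v, i, stack=()):
    """Next-output character of line i (Def. 3.19); state = full histories."""
    if i in stack:  # recursion came back without crossing a register
        raise ValueError("combinational loop through " + i)
    eq = S[i]
    if eq[0] == "reg":
        hist = sx[eq[2]] if eq[2] in sx else sY[eq[2]]
        return hist[-1] if hist else eq[1]
    return eq[1](*[v[k] if k in v else delta(S, sY, sx, v, k, stack + (i,))
                   for k in eq[2]])

def Delta(S, x):
    """Complete output; by Thm. 3.20 the state after x is (Delta(x), x)."""
    sY = {i: "" for i in S}
    for t in range(len(next(iter(x.values())))):
        sx = {k: s[:t] for k, s in x.items()}
        u = {k: s[t] for k, s in x.items()}
        step = {i: delta(S, sY, sx, u, i) for i in S}
        sY = {i: sY[i] + step[i] for i in S}
    return sY

def delta_p(S, sR, v, i, stack=()):
    """Next-output character (Def. 3.23); state = register contents only."""
    if i in stack:
        raise ValueError("combinational loop through " + i)
    eq = S[i]
    if eq[0] == "reg":
        return sR[i]
    return eq[1](*[v[k] if k in v else delta_p(S, sR, v, k, stack + (i,))
                   for k in eq[2]])

def Delta_p(S, x):
    """Complete output of the simulation semantics (Def. 3.23)."""
    sR = {i: eq[1] for i, eq in S.items() if eq[0] == "reg"}  # Gamma'(eps)
    out = {i: "" for i in S}
    for t in range(len(next(iter(x.values())))):
        u = {k: s[t] for k, s in x.items()}
        step = {i: delta_p(S, sR, u, i) for i in S}
        # gamma': each register latches the character on its predecessor
        sR = {i: u[S[i][2]] if S[i][2] in u else step[S[i][2]] for i in sR}
        out = {i: out[i] + step[i] for i in S}
    return out

def lfp(S, x):
    """Kleene iteration of tau_S from the all-'?' tuple (assumed bottom)."""
    Y = {i: "?" * len(next(iter(x.values()))) for i in S}
    while True:
        env, new = {**Y, **x}, {}
        for i, eq in S.items():
            if eq[0] == "reg":   # R_a(s) = a . abl(s), and R_a(eps) = eps
                new[i] = (eq[1] + env[eq[2]][:-1]) if env[eq[2]] else ""
            else:                # f*: characterwise, '?' if any argument is '?'
                new[i] = "".join("?" if "?" in cs else eq[1](*cs)
                                 for cs in zip(*[env[k] for k in eq[2]]))
        if new == Y:
            return Y
        Y = new

XOR = lambda a, b: str(int(a) ^ int(b))
NOT = lambda a: str(1 - int(a))
# Constructed ELC sample: running parity of x1 (loop cut by register Y1),
# plus a register fed directly by the input line.
PARITY = {"Y1": ("reg", "0", "Y2"),
          "Y2": ("comb", XOR, ["Y1", "x1"]),
          "Y3": ("reg", "0", "x1")}
# Constructed non-ELC sample: a combinational line that feeds itself.
BAD = {"Y1": ("comb", NOT, ["Y1"])}

def agree(S, names, max_len):
    """Delta == Delta' == LFP on every ?-free input of length <= max_len."""
    for n in range(max_len + 1):
        words = ["".join(p) for p in product("01", repeat=n)]
        for cols in product(words, repeat=len(names)):
            x = dict(zip(names, cols))
            if not (Delta(S, x) == Delta_p(S, x) == lfp(S, x)):
                return False
    return True

def has_comb_loop(S, x):
    """True if the operational semantics hits an unclocked loop on input x."""
    try:
        Delta(S, x)
        return False
    except ValueError:
        return True
```

On the non-ELC sample the recursion of `delta` is cut off with an error, while `lfp` still terminates but leaves '?' in its result, which is the behaviour the ELC characterization of section 3.4 rules out for clocked loops.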
4. Theoretical Applications of the Semantics


4.1.  The  MLP-calculus 

In  this  section  we  develop  the  theory  of  MLP  string-functions,  in  order  to  provide  some  basic  tools  for  the 
theoretical  and  practical  manipulations  of  sysd's.  The  following  list  of  theorems  only  includes  those  which  we  have 
found  useful  in  our  current  investigations  of  mechanical  SYSD  equivalence  proofs.  It  is  only  intended  as  the 
beginning  of  a  calculus. 

Theorem  4.1:  Composition  of  f*  ’s 

Let f, g be character-functions, $(f \circ g)^* = f^* \circ g^*$.

Proof:

Immediate

□ Thm. 4.1

The  following  property  is  an  essential  characteristic  of  combinational  functions  (which  will  often  be  used  in 
mechanical  proofs  of  equivalence  of  sysd's): 

Theorem  4.2:  Combinational-Concatenation  Commutativity  [CCC] 

Let $f^* : (\Sigma_?^*)^n \to \Sigma_?^*$, $\forall x, y \in (\Sigma_?^*)^n$, $f^*(x.y) = f^*(x).f^*(y)$.

Proof:

$f^*$ was defined as the homomorphic extension of a character-function f to strings (of same length), therefore this property is immediate.

□ Thm. 4.2

We now define the "extended register" function: $R_z$. Intuitively, $R_z$ outputs z first, and then x, up to a total number of characters equal to the number of characters in the input. The else clause consists of the (uninteresting) case where the input is of smaller length than z.

Definition 4.3: $R_z$

Let $z_{1..k} \in \Sigma_?^*$, define $R_z : \Sigma_?^* \to \Sigma_?^*$ by: $R_z(x_{1..n})$ = if $n > k$ then $z_{1..k}\,x_{1..n-k}$ else $z_{1..n}$
It is immediate that $R_z$ is MLP.

Note that we are abusing the notation slightly in the case where z = a, since the extended $R_a$ is unary, and the original $R_a$ is binary. The confusion is harmless, since the binary $R_a$ ignores its second input ($x_{ck}$), so all algebraic properties of one will carry to the other. In the rest of this section, we intend the unary $R_a$.


Theorem  4.4:  Composition  of  Rz  ’s 

$\forall z, z' \in \Sigma_?^*$, $R_{z'} \circ R_z = R_{z'z}$.

Proof:

Let $z = z_{1..i}$, $z' = z'_{1..j}$, $x \in \Sigma_?^*$, arbitrary, $x = x_{1..n}$.

The proof has 3 cases: $n > i+j$, $n \le i$, $i < n \le i+j$. The most general one is $n > i+j$ (i.e. steady state) and it is the only one we show (the others are simpler):

We have $R_{z'z}(x_{1..n}) = z'_{1..j}\,z_{1..i}\,x_{1..n-i-j}$ [[ $n > i+j$ ]]
and $R_z(x_{1..n}) = z_{1..i}\,x_{1..n-i}$ [[ $n > i+j \Rightarrow n > i$ ]]

Let $x' = R_z(x_{1..n})$

We have $|x'| = n$, $x' = x'_{1..n}$
and $\forall k \in \{1..n\}$, $x'_k$ = if $1 \le k \le i$ then $z_k$ else $x_{k-i}$
and $R_{z'}(x') = z'_{1..j}\,x'_{1..n-j}$ [[ $n > i+j \Rightarrow n > j$ ]]
$R_{z'}(R_z(x)) = z'_{1..j}\,z_{1..i}\,x_{1..n-i-j} = R_{z'z}(x)$ [[ $n > i+j \Rightarrow n-j > i$ ]]

The next property is the essence of the "is-a-pipeline-of" relation which we will define later, in section 4.2.

Theorem  4.5:  Rz  pipeline 

$\forall z, z', x \in \Sigma_?^*$, if $|z'| = |z|$ then $R_z(xz') = zx$

Proof:

Immediate verification.

□ Thm. 4.5

Finally,  this  next  property  is  an  essential  characteristic  of  MLP  functions  in  general  (which  will  be  key  in 
mechanical  proofs  of  equivalence  of  sysd’s): 

Theorem  4.6:  Register-MLP 

Let $F : (\Sigma_?^*)^n \to \Sigma_?^*$, MLP string-function, $a \in \Sigma_?$, $\forall x \in (\Sigma_?^*)^n$, $\forall u \in (\Sigma_?)^n$,

$R_a(F(x.u)) = a.F(x)$.

The proof relies on the following lemma, which is interesting in its own right:

Theorem 4.7: 1st-order characterization of MLP String-functions

Let F be a (unary) function: $\Sigma_?^* \to \Sigma_?^*$, F is MLP $\Leftrightarrow$ $F(\varepsilon) = \varepsilon \wedge \forall x \in \Sigma_?^*$, $\forall u \in \Sigma_?$, $\exists v \in \Sigma_?$ |

$F(x.u) = F(x).v$.

Proof: 


Assume $F : \Sigma_?^* \to \Sigma_?^*$, MLP string-function.
We have $|F(\varepsilon)| = |\varepsilon|$ [[ F is length-preserving ]]
$|F(\varepsilon)| = 0$ [[ property of length ]]
$F(\varepsilon) = \varepsilon$ [[ property of length ]]

Assume $x \in \Sigma_?^*$, $u \in \Sigma_?$,

We have $F(x) \le F(x.u)$ [[ F is monotonic ]]
$\exists y \in \Sigma_?^* \mid F(x.u) = F(x).y$ [[ thm. 2.43, 2nd def. of prefix ]]
$|F(x).y| = |F(x.u)| = |x.u|$ [[ F is length-preserving ]]
$|F(x)| + |y| = |x| + 1$ [[ properties of length ]]
and $|F(x)| = |x|$ [[ F is length-preserving ]]
$|y| = 1$
$y \in \Sigma_?$

□ $\Rightarrow$

Assume $F : \Sigma_?^* \to \Sigma_?^*$ | [h1] $F(\varepsilon) = \varepsilon$ $\wedge$ [h2] $\forall x \in \Sigma_?^*$, $\forall u \in \Sigma_?$, $\exists v \in \Sigma_?$ | $F(x.u) = F(x).v$

Let $x, y \in \Sigma_?^*$ | $x \le y$
then $\exists z \in \Sigma_?^* \mid y = x.z$ [[ thm. 2.43, 2nd def. of prefix ]]

We prove by induction on z that $\forall z \in \Sigma_?^*$, $F(x) \le F(x.z)$:

- Base case: $z = \varepsilon$.
then $x = x.z$ [[ $x.\varepsilon = x$, $\forall x \in \Sigma_?^*$ ]]
$F(x) = F(x.z)$ [[ F function! ]]
$F(x) \le F(x.z)$ [[ $\le$ reflexive ]]

- Induction step: assume that $F(x) \le F(x.z)$, consider $x.(z.u)$ for some $u \in \Sigma_?$:
We have $x.(z.u) = (x.z).u$ [[ definition of concatenation ]]
[c1] $F[(x.z).u] = F(x.z).v$ for some $v \in \Sigma_?$ [[ h2 ]]
and $F(x) \le F(x.z)$ [[ induction hypothesis ]]
and $F(x.z) \le F(x.z).v$ [[ definition of $\le$ ]]
$F(x) \le F(x.z).v$ [[ transitivity of $\le$ ]]
$F(x) \le F[x.(z.u)]$ [[ c1 ]]

□ monotonic

We now prove by induction on x that $\forall x \in \Sigma_?^*$, $|F(x)| = |x|$, i.e. F is length-preserving.

- Base case: $x = \varepsilon$.
We have $F(\varepsilon) = \varepsilon$ [[ h1 ]]
$|F(\varepsilon)| = |\varepsilon|$

- Induction step.
Assume $|F(x)| = |x|$, $u \in \Sigma_?$
We have $F(x.u) = F(x).v$ for some $v \in \Sigma_?$ [[ h2 ]]
$|F(x.u)| = |F(x).v| = |F(x)| + |v| = |F(x)| + 1$ [[ properties of length ]]
and $|F(x)| = |x|$ [[ induction hypothesis ]]
$|F(x.u)| = |x| + 1 = |x.u|$ [[ properties of length ]]

□ Length-Preserving
□ $\Leftarrow$

□ Thm. 4.7

It is clear that the $\Rightarrow$ part of this lemma generalizes immediately to string-functions of any arity. (For the other direction, there is a technicality in that we have to consider the restriction of F to $(\Sigma_?^*)^n$.) Therefore, the proof of the Register-MLP theorem is now extremely simple:

Let $a \in \Sigma_?$, F MLP string-function, $x \in (\Sigma_?^*)^n$, $u \in (\Sigma_?)^n$
We have $\exists v \in \Sigma_? \mid F(x.u) = F(x).v$ [[ thm. 4.7, $\Rightarrow$ part ]]
$R_a(F(x.u)) = R_a(F(x).v) = a.F(x)$ [[ definition of $R_a$ ]]

□ Thm. 4.6

This completes our current algebraic development of the theory of $\mathrm{MLP}_\Sigma$.

4.2. Relations on Synchronous Circuits

A key concept in the transformational approach to design is (from [Talcott 86], and in published form in [Mason 86]):

Operations on programs need meanings to transform and meanings to preserve,

where we replace "program" by "synchronous system" for our purposes. The study of relations on sysd's is the study of the various meanings we want to transform or preserve.

The  following  preliminary  investigations  are  just  intended  to  give  a  taste  of  the  possibilities... 


Definition  4.8:  Equivalence  Relations  on  LSD 

We can define 4 equivalence relations on sysd's, which are progressively coarser. Let $S_1, S_2 \in L_{SD}$,

•  s.  =  S2  <=>  s:  and  S2  are  syntacticly  identical.  (Not  very  interesting.) 

•  S-  =S2  <=>  S.  and  S,  are  isomorphic  (i.e.  equal  up  to  renaming  of  syntactic  pieces). 


•  S-  =  S2  <=>  [[  Sx  2  =  II  S2  u  -  (Intensional  equivalence:  they  denote  the  same  functional.) 


•  s,  s  S2  <=>  p(sx)  =  |i(S2) .  (Extensional  equivalence:  they  compute  the  same  functions.) 


Note:  technically,  for  =  ,  we  are  comparing  tuples  (of  functions),  and  we  compare  coordinate-wise. 

More  generally,  a  is  a  particular  case  of  the  fact  that  for  any  relation  on  MLP^  string-functions,  we  can  define 
the  corresponding  extensional  relation  on  LSD  as  follows: 


Definition 4.9: Induced Extensional Relation from $\mathrm{MLP}_\Sigma$ to $L_{SD}$

Let  0  be  a  (n-ary)  relation  on  functions  of  MLP% .  Define  6  on  LSD  with: 

V  s,....sn  €  LSDMS.±,...Sn)  <=>  4>(H-(S1),..,(X(Sn)) . 

Again, we extend this comparison to tuples by comparing them coordinate-wise (and answering True if all comparisons are True).

One  such  relation  which  is  very  relevant  to  current  digital  circuit  design,  is  the  notion  of  a  string-function  being  a 
pipeline''  of  another: 

Definition  4.10:  Pipeline  relation  on  string-functions 

Let F, G be two string-functions: $\Sigma^* \to \Sigma^*$,

• $F \propto_{z,z'} G$ (read "F is-a-pipeline-of G with garbage z and purge z'") with $z, z' \in \Sigma^*$ $\iff |z| = |z'| \wedge \forall x \in \Sigma^*,\ F(xz') = zG(x)$.

• $F \propto G$ (read "F is-a-pipeline-of G") $\iff \exists z, z' \in \Sigma^* \mid F \propto_{z,z'} G$.

This  definition  is  extended  in  the  obvious  way  to  string-functions  of  same  arity  (>  1). 

Intuitively, z is the garbage output during pipeline fill-up, and z' is the (irrelevant) string fed in during pipeline
purging. Pictorially:

Figure 4-1: F is-a-pipeline-of G

Theorem  4.11:  a  partial  pre-order 

$\propto$ is a partial pre-order on string-functions (i.e. reflexive and transitive) and is not antisymmetric.

Proof:

reflexivity: immediate (take z and z' to be $\epsilon$).

transitivity:

Assume $F \propto_{z,z'} G$ and $G \propto_{y,y'} H$
Let x arbitrary in $\Sigma^*$
We have $G(xy') = yH(x)$ [[ $G \propto H$, instantiating x to x ]]
and $F(xy'z') = zG(xy')$ [[ $F \propto G$, instantiating x to xy' ]]

$F(xy'z') = zyH(x)$, for arbitrary x

$\therefore F \propto_{zy,\,y'z'} H$

$\propto$ is not antisymmetric, even when restricted to MLP string-functions:

Counter-example:

Let

• $F(x) = 0101\ldots \mid |F(x)| = |x|$

• $G(x) = 1010\ldots \mid |G(x)| = |x|$

then $F \propto_{0,a} G \wedge G \propto_{1,b} F$, for any $a, b \in \Sigma$,
and yet $F \neq G$.

□ Thm. 4.11

Note: this counter-example brings up the fact that the purge string mentioned in the definition of $\propto$ is absolutely
irrelevant. In fact, if there exists one such purge string, then any other string of the same length will do. This brings
up an alternative definition of $\propto$ which may also be useful:

Definition  4.12:  Alternate  pipeline 

Let F, G be two string-functions of arity 1, $F \propto_n G$ (read "F is-a-pipeline-of G with latency n") $\iff$

$\exists z, z' \in \Sigma^* \mid |z| = |z'| = n \wedge \forall x \in \Sigma^*,\ F(xz') = zG(x)$


4.3. Relations between Synchronous Circuits and (Mealy) Sequential Machines

The key idea here is that sequential machines [Booth 67], [Hopcroft-Ullman 79] can be given string-functional
semantics ($\nu$) very naturally. Once this is done, then we can use our string-functional semantics for SYSD's ($\mu$) to
compare formally both objects, as shown pictorially below. We base our definitions on Mealy machines. Since
Moore machines are trivially reducible to Mealy machines (without state explosion) this does not reduce the
generality.

Figure 4-2: Formal Comparison of Sequential Machines and Synchronous Circuits
(diagram labels: Synchronous Circuits, Mealy Machines, MLP)


Note: the fact that sequential machines have associated string-functions is not new in any way! What is new is to
look  at  these  functions  as  an  extensional  characterization  of  the  machines,  and  to  compare  them  to  our  extensional 
characterization  of  synchronous  systems.  Usually,  the  standard  theoretical  development  on  sequential  machines 
proceeds  with  an  equivalence  relation  based  on  state  equivalence,  i.e.  an  intensional  characterization. 

A Mealy machine M is given as a "next-state" function $\gamma_M$ and a "next-output-character" function $\delta_M$, which both
depend on the current state and current input character. We then extend these functions to take strings of inputs
exactly as we did when defining the Operational semantics of SYSD's in section 3.5, by iterating the next-output and
next-state functions. Precisely:

Definition  4.13:  String-Functional  Semantics  of  Mealy  Machines 
Let $M = \langle \Sigma, Q, q_0, \gamma, \delta \rangle$ be a Mealy Machine, with the intended interpretation:

• $\Sigma$ : alphabet (input and output)

• $Q$ : set of states

• $q_0$ : initial state

• $\gamma : Q \times \Sigma \to Q$ : next-state function

• $\delta : Q \times \Sigma \to \Sigma$ : next-output function

Define $\nu(M) = \Delta : \Sigma^* \to \Sigma^*$ where:

• $\Delta(\epsilon) = \epsilon \ \wedge\ \Delta(x.u) = \Delta(x) \,.\, \delta(\Gamma(x), u)$

• $\Gamma(\epsilon) = q_0 \ \wedge\ \Gamma(x.u) = \gamma(\Gamma(x), u)$

The fact that $\Delta$ is MLP should be clear. Formally, the proof would be similar to the ones in section 3.5, and is
not repeated.
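The following Python code is an added example, not part of the original report: it computes the string function of a Mealy machine by the iteration of Definition 4.13, runs a bounded check of the latency-n pipeline relation of Definition 4.12, and replays the counter-example of Theorem 4.11. The names `Mealy`, `pipeline_witnesses`, `is_pipeline_of` and the delay-register machine are assumptions made for illustration, and the check covers only inputs up to a fixed length.

```python
from itertools import product

class Mealy:
    """M = <Sigma, Q, q0, gamma, delta> of Definition 4.13 (Q is implicit)."""
    def __init__(self, q0, gamma, delta):
        self.q0, self.gamma, self.delta = q0, gamma, delta

    def nu(self, x):
        """nu(M) = Delta, obtained by iterating gamma and delta over x."""
        q, out = self.q0, []                # Gamma(eps) = q0, Delta(eps) = eps
        for u in x:
            out.append(self.delta(q, u))    # Delta(x.u) = Delta(x) . delta(Gamma(x), u)
            q = self.gamma(q, u)            # Gamma(x.u) = gamma(Gamma(x), u)
        return "".join(out)

def strings(sigma, max_len):
    """Every string over sigma of length 0..max_len."""
    for n in range(max_len + 1):
        for t in product(sigma, repeat=n):
            yield "".join(t)

def pipeline_witnesses(F, G, sigma, n, max_len=6):
    """Pairs (z, z') with |z| = |z'| = n and F(x z') == z G(x) for all |x| <= max_len.
    Bounded check of Definition 4.12: evidence, not a proof for every x."""
    lat = ["".join(t) for t in product(sigma, repeat=n)]
    return [(z, zp) for z in lat for zp in lat
            if all(F(x + zp) == z + G(x) for x in strings(sigma, max_len))]

def is_pipeline_of(F, G, sigma, n, max_len=6):
    """True if some (garbage, purge) pair of length n passes the bounded check."""
    return bool(pipeline_witnesses(F, G, sigma, n, max_len))

SIGMA = "01"
# Counter-example of Theorem 4.11 (constructed machines): the state is the
# next bit to emit and the input character is ignored.
flip = lambda q, u: "1" if q == "0" else "0"
emit = lambda q, u: q
F = Mealy("0", flip, emit).nu        # F(x) = 0101... with |F(x)| = |x|
G = Mealy("1", flip, emit).nu        # G(x) = 1010... with |G(x)| = |x|
# Constructed hardware-style case: a one-cycle delay register (reset value 0)
# against the identity function it pipelines.
DELAY = Mealy("0", lambda q, u: u, lambda q, u: q).nu
IDENT = lambda x: x

if __name__ == "__main__":
    print("F pipelines G:", pipeline_witnesses(F, G, SIGMA, 1))
    print("G pipelines F:", pipeline_witnesses(G, F, SIGMA, 1))
    print("F == G on 0000:", F("0000") == G("0000"))
    print("DELAY pipelines IDENT:", pipeline_witnesses(DELAY, IDENT, SIGMA, 1))
    print("IDENT pipelines DELAY:", is_pipeline_of(IDENT, DELAY, SIGMA, 1))
```

Each garbage string that passes is paired with every purge string of the same length, which is the irrelevance of the purge string noted after Theorem 4.11; the delay register pipelines the identity but not the converse.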


We  can  now  easily  define  extensional  equivalence  of  a  Synchronous  Circuit  and  a  Mealy  Machine: 

Definition  4.14:  Extensional  Equivalence  of  Mealy  Machines  and  Synchronous  Circuits 

Let M be a Mealy Machine, and s be a SYSD, we define $M = s \iff \forall x \in \Sigma^*,\ \nu(M)(x) = \mu(s)(x)$.

Note:  there  is  an  interesting  duality  to  this  jump  from  state  machine  to  string  function,  in  that  we  can  easily  define 
"states"  for  an  arbitrary  string  function,  and  trivially  obtain  a  Mealy  machine  equivalent  to  an  MLP  string-function: 

• To get the states of a function F on $\Sigma^*$, take the equivalence classes for $\sim$ in $\Sigma^*$, where
$x \sim y \iff \forall z \in \Sigma^*,\ F(xz) = F(yz)$.

(A  "state"  is  simply  a  summary  of  the  past  good  enough  to  account  for  the  future.) 

•  To  get  a  Mealy  machine  for  an  MLP  F,  take  those  states,  and  define: 

$\gamma(x^{\sim}, u) = (x.u)^{\sim}$ and $\delta(x^{\sim}, u) = \mathrm{last}(F(x.u))$, where $x^{\sim}$ is the equivalence class of x under $\sim$.

Actually,  we  get  the  minimal  state  machine  extensionally  equivalent  to  F;  unfortunately  however,  this  is  far  from 
constructive! 